Authorization in Software Systems As we know that, the concept of Autorization is simply checking if a verified user or application is allowed to do something. It generally comes to authorization policies which would be checked to make this decision. The decision is simple, is person X allowed to access resource R ? This can be further broken up to Create, Read, Update, Delete Access. There are multiple patterns to achieve access control in software systems....
Authentication in Software Systems As we know that, the concept of Authentication is simply identifying an entity (user). So, in a software system how do we manage the process? There are mainly two strategies and their combination when it comes to authentication Username and Password (Knowledge-based strategy) Passwordless (OTP, Login URL) (Possession-based strategy) Multi-factor (Combination of both, has to provide a password and also OTP) Authentication can be simplified into 4 parts...
Authentication and Authorization Authentication and Authorization is the identification and access control of a user within a service. It is a way to provide security and privacy to users. 1. Authentication Authentication is the process of validating or identifying a user. Example: We keep an ID card to identify ourself as member of a company and as proof, A security will identify us using that ID card (this identification process is authentication)....