Authentication and authorization aren't the same thing

Dave Birch at Tomorrow's Transactions clarifies here the difference between authentication and authorization -- two things that sound similar and are often confused, but are, in fact, very different functions in information systems that Authentity Masters need to understand:

  • Authentication = "Who are you?"
  • Authorization = "What are you allowed to do?"

Systems that do one don't necessarily do the other, and vice versa.
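
The two questions as separate checks in a request handler. This is an added example, not code from the original post or from Dave Birch's article. The token format, key, policy table and function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"demo-only-key"  # constructed key, for this example only

# Constructed policy table: the authorization data, kept apart from identity.
POLICY = {"alice": {"read", "write"}, "bob": {"read"}}


def sign(user: str) -> str:
    """Issue a token that binds a user name to an HMAC-SHA256 tag."""
    tag = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def authenticate(token: str):
    """Who are you? Return the verified user name, or None if unverified."""
    user, _, tag = token.rpartition(".")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a malformed token fails closed.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return user
    return None


def authorize(user: str, action: str) -> bool:
    """What are you allowed to do? Deny anything not explicitly granted."""
    return action in POLICY.get(user, set())


def handle(token: str, action: str) -> int:
    """Run both checks in order and return an HTTP-style status code."""
    user = authenticate(token)
    if user is None:
        return 401  # identity not established
    if not authorize(user, action):
        return 403  # identity established, action not permitted
    return 200


if __name__ == "__main__":
    print(handle(sign("alice"), "write"))   # authenticated and authorized
    print(handle(sign("bob"), "write"))     # authenticated, not authorized
    print(handle(sign("mallory"), "read"))  # valid token, no policy entry
    print(handle("bob.deadbeef", "read"))   # forged tag, not authenticated
```

A validly signed token for a user with no policy entry passes `authenticate` and still gets 403, which is the case where a system does one function without the other.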