Authentication is how a website determines the content a user sees and the features they are allowed to use. It’s like when you arrive at a restaurant and they ask, ‘Who are you?’ (username and password), and then they lead you to your table (the features/content that you have permission to use/see). Or more simply, ‘who gets to see and do what’ on a web application. The specifics of this type of control system are based on four main pillars, which I will summarize below.
- Identification - Who you claim to be. Most commonly, your username and password.
- Authentication - Confirmation that you are, indeed, who you say you are (your username and password check out).
- Access Policy - Specifically what you are allowed to do and see on a website. For example, are you an administrator for the site or a public user?
- Authorization - The mechanism by which those features and content are served or granted to each specific access policy. For example, creating controls so that a public user doesn’t stumble upon or access features only an administrator should have access to.

When using a web application, the user is generally only cognizant of the first pillar, a.k.a. signing in. However, behind the scenes, the web app is constantly working to monitor access depending on who the user is and whether they check out.

Hopefully I’ve simplified the idea of authentication and translated it into common English concepts. If you have any questions, please reach out on my LinkedIn or GitHub profile!
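
The four pillars can be traced through a small Python sketch. This is an added example, not code from the original post: the account names, roles, feature names and the choice of PBKDF2 for password storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Access policy (pillar 3): constructed roles and features, hypothetical names.
POLICY = {
    "admin": {"view_menu", "edit_menu", "manage_users"},
    "public": {"view_menu"},
}

def hash_password(password, salt):
    # Store a slow, salted hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts for the demonstration.
USERS = {
    "alice": make_user("correct horse battery staple", "admin"),
    "bob": make_user("hunter2-but-longer", "public"),
}
# Hashed against when the username is unknown, so both paths do the same work.
_DUMMY = make_user("unused", None)

def authenticate(username, password):
    """Pillars 1 and 2: take the claimed identity and confirm it."""
    user = USERS.get(username, _DUMMY)
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, user["hash"])
    if matches and username in USERS:
        return {"username": username, "role": user["role"]}
    return None

def authorize(session, feature):
    """Pillar 4: enforce the access policy on every request, denying by default."""
    if session is None:
        return False
    return feature in POLICY.get(session["role"], set())

if __name__ == "__main__":
    guest = authenticate("bob", "hunter2-but-longer")
    print(authorize(guest, "view_menu"), authorize(guest, "manage_users"))
```

The `authorize` check runs for each feature request, not just at sign-in, which is the "behind the scenes" monitoring described above.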