Here's my analogy for authentication vs authorization:
Authentication is like when a police officer asks for your driver's license to verify your identity.
Authentication is like when you eat a cookie from the cookie jar, and your mom sends the crumbs left on the counter to test the DNA from the crumbs to verify that it was you.
Authorization is like when a security guard asks for your company ID card to make sure you have access to the building.
Thanks, Andy! Hope you won't mind me saying, I believe in this example there's a thin line on whether showing your driver's license to a police officer for verification could be seen as authorization or authentication. You could still see it as an authorization check on whether you are allowed to drive the car or not. What are your thoughts on this?
Authentication is like when you eat a cookie from the cookie jar, and your mom sends the crumbs left on the counter to test the DNA from the crumbs to verify that it was you.
Here's my analogy for authentication vs authorization:
Thanks, Andy! Hope you won't mind me saying, I believe in this example there's a thin line on whether showing your driver's license to a police officer for verification could be seen as authorization or authentication. You could still see it as an authorization check on whether you are allowed to drive the car or not. What are your thoughts on this?
Hmm, good points. Definitely don't mind :)
How about:
Andy, this is close, but not quite right, I believe. You should only open the cookie jar after you confirm your identity somehow :-)