Identification vs. Authentication

Unlike an ID, which is publically known and is easily determined, authentication is based on a secret that only the real user or program know/have.

Access Control is defined as a combination of (1) authenticating a user/program/web client and (2) deciding on whether this entity is allowed/disallowed to perform the action it requests to take (log into an account, open a file, update information, etc.)