Identification vs. Authentication
Unlike an ID, which is publically known and is easily determined, authentication is based on a secret that only the real user or program know/have.
Access Control is defined as a combination of (1) authenticating a user/program/web client and (2) deciding on whether this entity is allowed/disallowed to perform the action it requests to take (log into an account, open a file, update information, etc.)
- Quick heads-up: The process by a server/company of deciding whether someone or something is allowed/disallowed to perform an action is called authorization, and we will touch on this concept at the end of Topic 3.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.