Authentication vs. Authorization 验证与授权[整理]

Authentication vs. Authorization 验证与授权

It is important to clarify the difference between authentication and authorization, and how these terms are used within this paper. The differences are fairly obvious, but understanding the implications of each is important.

首先我们必须要分清验证与授权之间的区别,这样才能使我们更好的理解他们在本文档(Passport Guide)中所代表的含义。顾名思义,看上去他们的区别很明显,但是对于我们来说,重要的是理解他们之间的关联关系。


au·then·ti·ca·tion [aw thènt káysh'n] noun:
The verification of credentials presented by an individual or process in order to determine identity.


au·thor·i·za·tion [àwthr záysh'n ] noun:
To grant an individual permission to do something or be somewhere.


Authentication is the process of recognizing who an individual is by verifying credentials.  Authorization is the act of deciding what that individual has access to. When someone asks for your driver's license, for example, it is a form of authentication. Your driver's license provides a way for you to identify yourself to others in order to assist in many transactions.


Your driver's license alone does not determine whether you can legally engage in any age restricted activities (voting, for example).  It only verifies the relevant credentials, such as date of birth, so that permission can be given for an activity.



It is possible to authenticate someone without any authorization, but it is difficult to imagine authorizing someone for some purpose without also requiring that they go through some form of authentication.



Passport is focused on authentication.  This is important, as it means that you remain in control of authorizing your own services.  One of the benefits of Passport is that it offloads the need for you to run an authentication system, resetting passwords and other related tasks, while still leaving you control over who can use your site.

Passport只是做为一个通用化的验证平台,明确这一点很重要,每个PassportRelying Party必须根据自己的业务需求来对通过验证的ACCOUNT进行授权。帮您建立和维护用户验证系统,用户不必再为多个网站必须牢记多个帐号/密码而烦恼,Passport为您想到做到….just so so









posted @ 2009-08-01 12:49  Luke Zhang  阅读(1298)  评论(0编辑  收藏  举报