Re: Buffer overflow or overrun?

[Tina Bird <tbird () precision-guesswork com>]

Yes, but I was distinguishing identification and
authentication, not authentication and authorization.
To derive the word "authentification," which doesn't
have anything to do with authorization.

Amazing discussion we're generating on this non-
existent word ;-)

On Mon, 29 Apr 2002 Valdis.Kletnieks () vt edu wrote:

> On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said:
>
> > I've certainly had a lot of students get confused about
> > the whole issue, and use "authentification" to combine
> > both assigning an identifier to a person, and validating
> > that a person has the right to use a particular identifier.
>
> Identifying a specific entity as being itself and not an impostor
> is "authentication".  Deciding whether said entity is allowed to
> perform a requested action is "authorization".  The two are quite
> distinct, even though many people confuse the two.
>
> I came up with the following example of the vast difference:
>
> Authentication: "OK.. you have a picture ID that say you're Jeffrey Dahmer(*)".
>
> Authorization: "Can I lend you a steak knife, Mr Dahmer?".
>
> Grisly, but 100% effective in explaining the distinction. (Yes, you can
> use it, as long as you attribute it. ;)
> -- 
>                               Valdis Kletnieks
>                               Computer Systems Senior Engineer
>                               Virginia Tech
>
> (*) For the non-US list members - Jeffrey Dahmer was a rather nasty
> serial killer and cannibal....