It’s easy to confuse authentication with authorization. The two are frequently used interchangably in conversation and are often tightly associated as key pieces of web service infrastructure. But the two are really two different concepts which often are completely divorced from each other. Authentication is the process where by an individual’s identity is confirmed. Whereas authorization is the association of that identity with rights and permissions.