Authentication verifies "who you are" - confirming the identity of a user or system.

• Examples: Username/password, biometrics, certificates

Authorization determines "what you can do" - granting or denying access to resources based on identity.

• Examples: Role-based access control (RBAC), permissions, ACLs

Example flow:

1. User provides credentials (authentication)
2. System verifies credentials
3. System checks user's permissions for requested resource (authorization)
4. Grant or deny access based on permissions