In the context of information security, it is
process of determining if the end user is permitted to have access to the
desired resource such as the information asset or the information system
containing the asset. Authorization
criteria may be based upon a variety of factors such as organizational role,
level of security clearance, applicable law or a combination of factors. When effective, authentication validates that
the entity requesting access is who or what it claims to be.