TLS, or Transport Layer Security, is a component of almost every web server as of 2020. It is a protocol that allows a client computer to authenticate the identity of a server before sending any data, which ensures that sensitive information is not being sent to a fraudulent endpoint. After the client verifies the identity of the server, all further communication is encrypted under a set of session keys unique to the client and server. This article will unpack the details of TLS a little later on, but with an important distinction: this article isn’t about TLS authentication, but instead TLS authorisation.
Authentication vs Authorisation
While the concepts of authentication and authorisation might at first seem to be essentially the same, the difference between them is crucial for Internet security. To use a real-world comparison, imagine going to a bank in which you have an active account—be it savings, checking, or anything else. If you want to access your account, you will be asked to present your card as proof that you are the legitimate owner of the account. This is authentication: the process of verifying the identity of a party.
Presenting your credit card to the teller does not, however, grant you access to other bank accounts, nor does it give you permission to wander into the back vault, hop behind the desk, or otherwise engage with restricted areas. This is because although your card is able to authenticate you, it is not able to authorise you to interfere with the workings of the bank; for that you would need to present something like a bank-issued ID badge proving your level of authority.
This is why there are protocols on the Internet that ensure both authentication and authorisation of a client are possible. A common and practical method is to use TLS.
As it stands,
