Authentication & Authorization


Users may treat the words authentication and authorization as synonyms, but they have different meanings. Authorization defines the process of granting the user permissions to access a resource or perform a task. Authentication defines the process of verifying the user's identity based on a set of credentials. This distinction separates the protection of content into two individual processes. Each process can have its own separate implementation or multiple implementations.

For example, you might authenticate a user by checking a username and password against the values stored in a database, or by verifying the existence and validity of a session ID stored in a browser cookie. Likewise, you might authorize a user to view content on a protected page by verifying that the user's account type has administrator permissions.

On the DSS, an additional type of authentication, Run-Time Authentication (RTA), provides a layer of permissions to live content.

The Ingeniux Run-Time Authentication module provides an API for implementing authentication routines. This API allows content contributors to implement authorization logic by consuming the artifacts of the authentication system.