News

AUTHENTICATION VS. AUTHORIZATION

3/12/2010 9:37 AM Eastern

THE TECH CODE-BOOK GROWS HEAVY WITH FIVE-SYLLABLE WORDS THAT
start with vowels.

Take “authentication” and “authorization,” for instance. They
tend to pair up in conversations. “Entitlement” usually lurks
somewhere nearby, one syllable short.

This is the language of the latest facelift on the 62-yearold
beauty that is cable TV — the extension of the core video
product to other screens.

But in order to get your video on, say, your computer
screen, your service provider needs to know that you’re really
you. That’s authentication.

Authorization is what you’re allowed to do once it’s established
that you really are you: your access level, your service
package. If you don’t take Showtime on TV, in other words,
it’s not going to show up for you online.

“Entitlements” are more about what’s allowed to happen
to a piece of content, a title, a video asset. Maybe it can’t ever
be copied; maybe it can’t ever go outside; maybe it requires
authentication.

This is all for sign-on. Right behind that is the notion of
the single sign-on, meaning that you log in somewhere, then
go to any online video provider, and you’re still logged in. Example:
You’re catching up on Top Chef, on Bravo. It makes you
hungry, so you close your browser and go to lunch. Later,
you type your way over to VH1 for a little Celebrity Rehab With
Dr. Drew
. You’ve changed networks, but you only had to log
in one time.

“SAML” is one of the acronym leaders in single sign-on;
it stands for “Security Assertion Markup Language.”
People tend to pronounce it as a word that rhymes with
“trammel.”

For better or worse, the process of authentication and
authorization will, at some point, ask you for the login — email
address and password in most cases — assigned to you
when you got broadband.

We forget.

In the past two months, I’ve asked two crowded rooms
full of industry people to raise their hands if they remember
their cable login. Hardly any of us remember.

In gathering that highly scientific data, two stories
emerged. Short version: Guy loses his credit card at CES. Cancels
it. His cable bill hit that card. The bill comes: late charge.
Calls to … inquire. Care agent says a notification was sent to
the e-mail that came with his account. Twelve years ago. Never
used.

Use Case #2: Guy rents an apartment. Roommate was
there first and set up the cable account. Roommate moves.
Guy needs to make a change. Care agent asks for the account
login. Uh-oh.

Here’s a thought: Run an online application, in large letters
and in sparkly lights, for the many Luddites among us
who just don’t remember, let alone use, the login credentials
assigned to us when we added broadband service.

Have pity on us. Make it easy. I’m begging.

September
October