Authentication is saying “I am me”. It validates who you are. When you go to a club and the bouncer stops you and you tell him you’re on the guest list, you then show him your ID and he says “Ahh! You’re that guy, come on in” - that’s Authentication


Authorisation validates what you claim to be. Going back to the club and the bouncer stops you. You show him your ID. He authenticates you and that your ID belongs to you by checking your picture matches your face. He then checks your authorisation by checking your date of birth to validate that you’re old enough to come in, but otherwise doesn’t care who you are. He only cares about your age. Your date of birth here is what’s called a claim. It’s something your ID token claims to be true about you.


Accounting validates what you do once you have access. Back to the club, the bouncer gives you a wristband. This wristband is used for everything at the club, from buying drinks, to accessing the dancefloor, to going to the toilet. Every time your wristband is used, where and when it is used is logged. These logs in aggregate form a detailed picture of what you did during your time at the club.