web security systems are based on a two-step process. The first step is authentication, which ensures the user identity second step is authorization, which allows the user to access the various resources based on the user's identity.