Security is a big deal in Oracle, especially in 12c. That's why we have to distinguish between:
Identification - Done by the client by claiming his/her identity
Authentication - Done by the client and server by proving his claim, above. The authentication can happen in any of the following cases:
* By something only the client knows (password) The most often and the most insecure
* By something only the client posses (finger prints, retina scan) The most secure, but also prone to false positive
* By something only the client can do (voice recognition).
* By combination of any of the above
Authorisation - Done by the server, by allowing actions based on rights and privileges which correspond with the PROVEN role.