Authentication

Monday, December 10, 2007, 4:10

This news item was posted in A, Glossary of computer security category and has 0 Comments so far.

Authentication is any process by which you verify that someone is who they claim they are. This usually involves a username and a password, but can include any other method of demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints. Authentication is equivalent to showing your drivers license at the ticket counter at the airport.

Authorization is finding out if the person, once identified, is permitted to have the resource. This is usually determined by finding out if that person is a part of a particular group, if that person has paid admission, or has a particular level of security clearance. Authorization is equivalent to checking the guest list at an exclusive party, or checking for your ticket when you go to the opera.

Finally, access control is a much more general way of talking about controlling access to a web resource. Access can be granted or denied based on a wide variety of criteria, such as the network address of the client, the time of day, the phase of the moon, or the browser which the visitor is using. Access control is analogous to locking the gate at closing time, or only letting people onto the ride who are more than 48 inches tall - it’s controlling entrance by some arbitrary condition which may or may not have anything to do with the attributes of the particular visitor.

Because these three techniques are so closely related in most real applications, it is difficult to talk about them separate from one another. In particular, authentication and authorization are, in most actual implementations, inextricable.

If you have information on your web site that is sensitive, or intended for only a small group of people, the techniques in this tutorial will help you make sure that the people that see those pages are the people that you wanted to see them.

Related posts brought to you by Yet Another Related Posts Plugin.

Tagged with: A, access, access-control, Authentication, Computer-security, Glossary-of-computer-security

You can follow any responses to this entry through the RSS 2.0 feed.

You can leave a response, or trackback from your own site.

:::: Recent entries
Securing the code in Vista Hackers have blown the whistle on banking fees Twitter hacked through phishing Rural areas progress through IT Shift in budgets by IT companies Top 10 provider of CEH training K7 TotalSecurity now comes with “Pre-Installation Super Scanner’ Motorola got a jump on its CES announcements

Authentication

Leave a Reply