Difference between revisions of "Authentication"
(Created page with "==Full Title or Meme== The process of determine who a user is. ==Context== In the early days of computer networking is was convenient to distinguish the process of identifica...") |
(→Solution) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
− | The process of | + | The process of determining that a user is who they say they are. |
==Context== | ==Context== | ||
In the early days of computer networking is was convenient to distinguish the process of identification of a user from the process of determining the [[Authorization]] of what resources that user could access. | In the early days of computer networking is was convenient to distinguish the process of identification of a user from the process of determining the [[Authorization]] of what resources that user could access. | ||
+ | |||
+ | ==Problems== | ||
+ | There are multiple process that can be used to attach identity to the user trying to access a computer resource. After many years of trying to define the terms used in the previous sentence<ref>NIST ''Digital Identity Guidelines'' https://doi.org/10.6028/NIST.SP.800-63-3</ref>, it has become clear that the sentence does not carry sufficient information to determine what it means. | ||
+ | |||
+ | ==Solution== | ||
+ | Restrict the use of the term Authentication to the process between a user asserting an [[Identifier]] and the web site accepting that identifier use as valid. | ||
+ | |||
+ | NIST has created an [https://csrc.nist.gov/publications/detail/nistir/8344/draft Ontology of Authentication] (NISTIR 8344) that inserts Authentication between Identification and Authorization, which seems reasonable. | ||
+ | |||
+ | ==Reverences== | ||
+ | |||
+ | |||
+ | [[Category:Glossary]] | ||
+ | [[Category:Authentication]] |
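Review bot: the added heading "==Reverences==" is misspelled and should read "==References==". In the added Problems paragraph, "multiple process" should be "multiple processes". In the added Solution paragraph, "accepting that identifier use as valid" reads more clearly as "accepting the use of that identifier as valid". The unchanged Context line still carries "is was" for "it was", which this revision could fix while it is here. The NISTIR 8344 link in the Solution section points at a ".../draft" URL, so the text could say that the cited ontology is a draft.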
Latest revision as of 11:18, 19 February 2021
Full Title or Meme
The process of determining that a user is who they say they are.
Context
In the early days of computer networking it was convenient to distinguish the process of identification of a user from the process of determining the Authorization for which resources that user could access.
Problems
There are multiple processes that can be used to attach identity to the user trying to access a computer resource. After many years of trying to define the terms used in the previous sentence[1], it has become clear that the sentence does not carry sufficient information to determine what it means.
Solution
Restrict the use of the term Authentication to the process between a user asserting an Identifier and the web site accepting the use of that identifier as valid.
NIST has created an Ontology of Authentication (NISTIR 8344) that inserts Authentication between Identification and Authorization, which seems reasonable.
References
1. NIST, Digital Identity Guidelines, https://doi.org/10.6028/NIST.SP.800-63-3