Difference between revisions of "Authentication"
(→Full Title or Meme)
|Line 9:||Line 9:|
the use of the term Authentication
Latest revision as of 12:18, 19 February 2021
Full Title or Meme
The process of determining that a user is who they say they are.
In the early days of computer networking is was convenient to distinguish the process of identification of a user from the process of determining the Authorization of what resources that user could access.
There are multiple process that can be used to attach identity to the user trying to access a computer resource. After many years of trying to define the terms used in the previous sentence, it has become clear that the sentence does not carry sufficient information to determine what it means.
Restrict the use of the term Authentication to the process between a user asserting an Identifier and the web site accepting that identifier use as valid.
NIST has created an Ontology of Authentication (NISTIR 8344) that inserts Authentication between Identification and Authorization, which seems reasonable.
- NIST Digital Identity Guidelines https://doi.org/10.6028/NIST.SP.800-63-3