Authentication

From MgmtWiki
Revision as of 11:18, 19 February 2021 by Tom (talk | contribs) (Solution)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Full Title or Meme

The process of determining that a user is who they say they are.

Context

In the early days of computer networking is was convenient to distinguish the process of identification of a user from the process of determining the Authorization of what resources that user could access.

Problems

There are multiple process that can be used to attach identity to the user trying to access a computer resource. After many years of trying to define the terms used in the previous sentence[1], it has become clear that the sentence does not carry sufficient information to determine what it means.

Solution

Restrict the use of the term Authentication to the process between a user asserting an Identifier and the web site accepting that identifier use as valid.

NIST has created an Ontology of Authentication (NISTIR 8344) that inserts Authentication between Identification and Authorization, which seems reasonable.

Reverences

  1. NIST Digital Identity Guidelines https://doi.org/10.6028/NIST.SP.800-63-3