[cap-talk] Definition of Authentication on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Mon Sep 7 13:25:28 PDT 2009
David-Sarah Hopwood wrote:
>
> The gist of the above argument is that we can't really do
> *identification* -- or at the very least, we are not actually
> doing identification in most of the protocols that claim to be
> doing it. So, we probably don't need the term "identification"
> very much, and in any case it is not what is defined by
> definition 1).
>
I divide the access control process into four steps.
Identification: Knowing who to throw in jail. Often requires physical presence.
Subject Authentication: Used to grant the authorizations associated with an identity.
Authorization: The right to carry out some action.
Access Check: Verifying that a request is authorized.
People tend to conflate these steps, particularly identification and authentication, but also authentication, authorization, and the access check.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp