Authentication is the process of establishing to a specified Level Of Assurance that the Identification is authentic.

Authentication for most of our purposes is the process a Digital Identity making an Assertion of Claims to a Verifier which uses Authentication Methods to provide a Level Of Assurance by validation of the Claims.

Authentication is a Facet Of Building Trust.

Authentication includes Identification and is REQUIRED before you can perform Authorization.

Authentication Process#

Authentication process consists of two basic steps: (RFC 4949)

Authentication Classes#

Authentication in the context of Identity and Access Management, this includes:

These contexts and usages have similar operations: presentation of evidence, sometimes known as ‘authenticators’ to a verifier; verification of the evidence either as-presented or against a data repository; optional corroboration of data related to the evidence; decision; action resulting from decision.

Authentication Definition#

Authentication[1] (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something or someone as authentic.

"the real-time corroboration of a person's claimed digital Identity with an implied or notional level of trust." [2]

"The process of establishing confidence in the Digital Identity of users or information systems" (NIST.SP.800-63—2),

ISO 24745 - process of establishing an understood Level Of Confidence that a specific entity or claimed identity is genuine

Authentication Components#

Authentication Challenges#

There are many Authentication Challenges


Victor the (Verifier) is an entity that must be convinced that Peggy (the prover or Claimant) knows some Authentication Factors to some Level Of Assurance.


The scenario we are most familiar with us when something or someone (a Digital Identity) presents (or claims) something. As an Example:
  • I am userid1
  • and my password is Xyz
The Identity Provider (IDP) then verifies that the asserted claims are genuine.

There are many Authentication Methods.

Authentication involves Trust#

In our modern day digital systems Authentication involves Trust that the Relying Party trusts the Identity Provider (IDP).

LDAP Authentication#

Some details on LDAP Authentication

Level Of Assurance#

Authentication is always subject to a Level Of Assurance the the Third-party is willing to accept.

More Information#

There might be more information for this subject on one of the following: