Authentication

Overview#

Authentication is the process of establishing to a specified Level Of Assurance that the Identification is authentic.

Authentication, for most of our purposes, is the process of a Digital Identity making an Assertion of Claims to a Verifier, which uses Authentication Methods to provide a Level Of Assurance by validating the Claims.

Authentication is a Facet Of Building Trust.

Authentication includes Identification and is REQUIRED before you can perform Authorization.

Alice And Bob User Story#

This is a User Story where Alice wants to send Bob a message and Eve is eavesdropping on the Communication.
Eve could change the message in some way. This requires Eve to have a bit more control over the communication channel, but that is not at all an impossibility.

Alice tries to send the message m, but Eve interferes with the communication channel, and instead of receiving m, Bob receives a different message m′.

Where:

When Alice sends the message m, she computes the Message Authentication Code (MAC), a, and sends both the message m and the authentication code a. When Bob receives the message and a, Bob calculates the Message Authentication Code himself and compares it to the value of a that Alice sent. If Eve changed the message, the two values do not match, and Bob will recognize that the message is not correct.

Authentication is only a partial solution. Eve can still delete messages that Alice sends. Eve can also repeat old messages or change the message order.
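The exchange above as an added example (not part of the original page), using HMAC-SHA256 as the MAC and assuming Alice and Bob already share a secret key. It goes one step beyond the page: the `NumberedReceiver` class and `send_numbered` helper are hypothetical names showing how a sequence number covered by the MAC lets Bob reject repeated or reordered messages.

```python
import hashlib
import hmac

# Constructed sample key: Alice and Bob are assumed to share it in advance.
KEY = b"constructed-demo-key-shared-by-alice-and-bob"


def mac(key: bytes, message: bytes) -> bytes:
    """Alice's side: compute the authentication code a for message m."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, a: bytes) -> bool:
    """Bob's side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac(key, message), a)


def send_numbered(key: bytes, seq: int, message: bytes):
    """Alice's side, numbered variant: returns (seq, m, a)."""
    return seq, message, mac(key, seq.to_bytes(8, "big") + message)


class NumberedReceiver:
    """Bob with a message counter: rejects replayed or reordered messages."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, seq: int, message: bytes, a: bytes) -> bool:
        # The MAC covers the sequence number, so Eve cannot renumber a message.
        if not verify(self.key, seq.to_bytes(8, "big") + message, a):
            return False
        if seq <= self.last_seq:  # old or out-of-order message
            return False
        self.last_seq = seq
        return True


if __name__ == "__main__":
    m = b"pay Bob 10"  # constructed sample message
    a = mac(KEY, m)
    print("genuine m accepted:", verify(KEY, m, a))
    print("modified m' accepted:", verify(KEY, b"pay Eve 10", a))
    print("replayed (m, a) accepted by plain MAC:", verify(KEY, m, a))
    bob = NumberedReceiver(KEY)
    first = send_numbered(KEY, 1, m)
    print("numbered, first delivery:", bob.accept(*first))
    print("numbered, replay:", bob.accept(*first))
```

Numbering does not stop Eve from deleting messages; Bob can at most notice a gap in the sequence numbers he receives.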

Authentication Process#

The Authentication process consists of two basic steps (RFC 4949):

Authentication Classes#

In the context of Identity and Access Management, Authentication includes:

These contexts and usages have similar operations: presentation of evidence, sometimes known as ‘authenticators’, to a verifier; verification of the evidence either as-presented or against a data repository; optional corroboration of data related to the evidence; decision; action resulting from decision.

Authentication Definition#

Authentication[1] (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something or someone as authentic.

"the real-time corroboration of a person's claimed digital Identity with an implied or notional level of trust." [2]

"The process of establishing confidence in the Digital Identity of users or information systems" (NIST.SP.800-63-2)

ISO 24745 - process of establishing an understood Level Of Confidence that a specific entity or claimed identity is genuine

Authentication Components#

Authentication Challenges#

There are many Authentication Challenges.

Verifier#

Victor (the Verifier) is an entity that must be convinced that Peggy (the prover or Claimant) knows some Authentication Factors to some Level Of Assurance.

Example#

The scenario we are most familiar with is when something or someone (a Digital Identity) presents (or claims) something. As an Example:
  • I am userid1
  • and my password is Xyz
The Identity Provider (IDP) then verifies that the asserted claims are genuine.

There are many Authentication Methods.

Authentication involves Trust#

In our modern-day digital systems, Authentication involves Trust: the Relying Party trusts the Identity Provider (IDP).

LDAP Authentication#

Some details on LDAP Authentication

Level Of Assurance#

Authentication is always subject to a Level Of Assurance that the Third-party is willing to accept.
