!!! Overview
[{$pagename}] ([AuthN]) is the __process__ of establishing to a specified [Level Of Assurance] that the [Identification] is __authentic__.


[{$pagename}], for most of our purposes, is the process of a [Digital Identity] ([Peggy]) making an [Assertion] of [Claims] to a [Verifier] ([Victor]), which uses [Authentication Methods] to provide a [Level Of Assurance] by [validation] of the [Claims].

[{$pagename}] includes [Identification] and is [REQUIRED] before you can perform [Authorization].

[{$pagename}] is the function of confirming the legitimacy of a [Claimant] (i.e., that the [Claimant] is indeed the [Subject] which it claims to be).

[{$pagename}] is a Facet Of Building [Trust]. 

!! [Alice And Bob] [User Story]
This is a [User Story] where [Alice] wants to send [Bob] a message and [Eve] is [eavesdropping|Eavesdropper] on the [Communication]. \\
[Eve] could change the [message] in some way. This requires [Eve] to have a bit more control over the [communication] channel, but that is not at all an impossibility.

[Alice] tries to send the [message] m, but [Eve] interferes with the [communication] channel and instead of receiving m, [Bob] receives a different [message] m'\\
[/images/authentication.png]

Where:
* m = [message] in [Plaintext]
* h = the [MAC] [function]
* K%%sub a%% = [Authentication] [Key] (requires [Key-Exchange])
* a = the [Message Authentication Code] and calculated by h(K%%sub a%%, m)

When [Alice] sends the [message], she computes the [Message Authentication Code] and sends both the [message] m and the authentication code a, or MAC. 
When [Bob] receives a [message] and a ([Message Authentication Code]), [Bob] calculates the [Message Authentication Code] over the [message] he received, using K%%sub a%%, and compares it to the value of a that [Alice] sent. If [Eve] changed the [message], the two values do not match and [Bob] will recognize that the [message] is not correct.

[{$pagename}] is only a partial solution. [Eve] can still delete [messages] that [Alice] sends. [Eve] can also repeat old [messages] or change the [message] order. 
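
The exchange above as a runnable sketch. This is an added example, not part of the original page: HMAC-SHA-256 is an assumed choice for h, the key is generated locally in place of a real [Key-Exchange], and the messages are constructed samples. It also shows the limitation just described, that a replayed pair is still accepted.

```python
import hashlib
import hmac
import secrets

# Assumption: K_a was already agreed by Alice and Bob via a key exchange.
K_A = secrets.token_bytes(32)


def h(key: bytes, m: bytes) -> bytes:
    """The MAC function h; HMAC-SHA-256 is an assumed instantiation."""
    return hmac.new(key, m, hashlib.sha256).digest()


def alice_send(key: bytes, m: bytes) -> tuple[bytes, bytes]:
    """Alice computes a = h(K_a, m) and sends both m and a."""
    return m, h(key, m)


def bob_verify(key: bytes, m: bytes, a: bytes) -> bool:
    """Bob recomputes the MAC over what he received and compares it to a.

    compare_digest runs in constant time, so the comparison does not leak
    how many leading bytes of a forged tag were correct.
    """
    return hmac.compare_digest(h(key, m), a)


def mac_demo() -> dict[str, bool]:
    m, a = alice_send(K_A, b"pay Bob 10")           # constructed sample message
    m_changed = b"pay Eve 10"                        # m' substituted in transit
    return {
        "unmodified": bob_verify(K_A, m, a),         # accepted
        "modified": bob_verify(K_A, m_changed, a),   # rejected: a does not match m'
        "replayed": bob_verify(K_A, m, a),           # an old (m, a) pair still verifies
    }


if __name__ == "__main__":
    for case, accepted in mac_demo().items():
        print(f"{case:10s} accepted={accepted}")
```

Rejecting the replayed pair needs state the MAC alone does not carry, such as a message number included in the authenticated data.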

!! [{$pagename}] Process
The [{$pagename}] process consists of two basic steps: ([RFC 4949])
* [Identification] step: Presenting the [Assertion Value] of a [claim] (e.g., a user [identifier]) to the [{$pagename}] subsystem.
* [Verification] step: Presenting or generating a [Credential] (e.g., a password or a value signed with a [Private Key]) that acts as [evidence] to prove the binding between the [attribute] and that for which it is claimed.


!! [{$pagename}] Classes
* [Entity Authentication] - Most people relate [{$pagename}] to [Entity Authentication]
* [Message Authentication]

In the [context] of [Identity and Access Management], [{$pagename}] includes:
* Document [verification]: checking that [data] is correct and valid by corroboration or source verification; checking that any document security features are intact; searching for duplicates. Often used in [Enrollment] and Verification processes.
* [Credential] [{$pagename}]: can include 
** a form of document verification where the credential is a controlled document issued by an authority; or 
** a form of user login where a [credential] and [authenticator] are used to prove that the [credential] is presented and controlled by the true owner.
* [Entity Authentication] is a form of login using [credentials] and [authenticators]. This form deliberately avoids specification of [Natural Person] [entities] versus [Non-person entity].
* [Federated Authentication]: [Entity Authentication] where the [Identity Provider (IDP)] is remote or separate from the [resource] being requested and the [verifier] and [Relying Party] use the same [Authentication Method] and [Level Of Assurance]. The [{$pagename}] [verifier] communicates, or asserts, the result of the [{$pagename}] to the [Relying Party].

These [contexts] and usages have similar operations: presentation of [evidence], sometimes known as ‘[authenticators]’ to a [verifier]; [verification] of the [evidence] either as-presented or against a [data] repository; optional corroboration of data related to the evidence; decision; action resulting from decision.

!! [{$pagename}] [Definition]
Authentication[1] (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something or someone as __authentic__.


"the real-time corroboration of a person's claimed [digital Identity] with an implied or notional [level of trust|Level Of Assurance]." [2]

"The process of establishing confidence in the [Digital Identity] of users or information systems" ([NIST.SP.800-63]-2)

[ISO 24745] - process of establishing an understood [Level Of Confidence|Level Of Assurance] that a specific [entity] or claimed [identity|Digital Identity] is genuine

!! [{$pagename}] Components
* [Authentication Protocols]
* [Authentication Methods]
* [Authentication Channel]

!! [Authentication Challenges]
There are many [Authentication Challenges].

!! [Verifier]
[Victor] (the [Verifier]) is an [entity] that must be convinced that [Peggy] (the [prover] or [Claimant]) knows some [Authentication Factors] to some [Level Of Assurance].

!! [Example]
The scenario we are most familiar with is when something or someone (a [Digital Identity]) presents (or [claims]) something. 
As an [Example]:
* I am userid1
* and my password is Xyz
The [Identity Provider (IDP)] then verifies that the asserted claims are genuine.
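
One way the [Identity Provider (IDP)] can carry out the [Identification] and [Verification] steps for this example. This is added example code, not from the original page: the in-memory store, the function names, and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 parameters: assumed values for this sketch.
ITERATIONS = 100_000
SALT_LEN = 16


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(store: dict, identifier: str, password: str) -> None:
    """Store only a per-user salt and the derived verifier, never the password."""
    salt = secrets.token_bytes(SALT_LEN)
    store[identifier] = (salt, derive(password, salt))


# Dummy record so an unknown identifier costs the same work as a known one,
# which keeps response time from revealing which identifiers exist.
_DUMMY_SALT = secrets.token_bytes(SALT_LEN)
_DUMMY_HASH = derive(secrets.token_hex(16), _DUMMY_SALT)


def authenticate(store: dict, identifier: str, password: str) -> bool:
    # Identification step: the claimed identifier selects the stored record.
    record = store.get(identifier)
    salt, expected = record if record else (_DUMMY_SALT, _DUMMY_HASH)
    # Verification step: the credential is the evidence for the claim.
    candidate = derive(password, salt)
    ok = hmac.compare_digest(candidate, expected)
    return ok and record is not None


def login_demo() -> dict:
    store = {}
    enroll(store, "userid1", "Xyz")   # identifier and password from the example above
    return {
        "right_password": authenticate(store, "userid1", "Xyz"),
        "wrong_password": authenticate(store, "userid1", "xyz"),
        "unknown_user": authenticate(store, "userid2", "Xyz"),   # constructed identifier
    }


if __name__ == "__main__":
    print(login_demo())
```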

There are many [Authentication Methods].

!! [{$pagename}] involves [Trust]
In modern digital systems, [{$pagename}] involves [Trust]: the [Relying Party] [trusts] the [Identity Provider (IDP)].

!! [LDAP Authentication]
Some details on [LDAP Authentication]

!! [Level Of Assurance]
[{$pagename}] is always subject to a [Level Of Assurance] that the [Third-party] is willing to accept.


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [http://en.wikipedia.org/wiki/Authentication|http://en.wikipedia.org/wiki/Authentication|target='_blank'] - Retrieved 2012-11-22
* [#2] - [Gartner defines "user authentication"|https://www.gartner.com/doc/3210517?ref=unauthreader|target='_blank']