Identification involves something unique to the user, such as a name, username, ID number, or Social Security number. It establishes who the individual claims to be.
Authentication verifies that the person is who they claim to be. It typically involves multifactor authentication (MFA), which combines factors from these types:
- Type 1: Something you know (password, passphrase, PIN).
- Type 2: Something you have (ID, smart card, token, one-time password).
- Type 3: Something you are (biometrics like fingerprints, iris scans, facial geometry).
Authorization determines what the authenticated user can access, using various models:
- DAC (Discretionary Access Control): Users grant rights to objects.
- MAC (Mandatory Access Control): Strict, least-privilege access, common in military/intelligence sectors.
- RBAC (Role-Based Access Control): Access based on user roles, common in the private sector.
- ABAC (Attribute-Based Access Control): Access based on attributes of the user.
Accountability involves tracing actions to users to ensure non-repudiation, often facilitated through auditing.
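
The four steps above chained into one request flow, as an added example that is not part of the original post. The user, role map, and the choice of PBKDF2 for the password and RFC 6238 TOTP for the one-time password are assumptions, and all sample data is constructed.

```python
import hashlib, hmac, struct, time

# Constructed sample data: one user and a role map (all names are hypothetical).
SALT = b"constructed-salt"
USERS = {"alice": {"pw": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
                   "totp_key": b"constructed-totp-key", "role": "analyst"}}
ROLE_PERMS = {"analyst": {"read_report"}, "admin": {"read_report", "delete_report"}}
AUDIT_LOG = []  # accountability: one record per decision, tied to the claimed identity


def totp(key, now, step=30, digits=6):
    """Type 2 factor: RFC 6238 time-based one-time password (HMAC-SHA1)."""
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the last nibble
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticate(username, password, otp, now):
    """Require both Type 1 (password) and Type 2 (token code)."""
    user = USERS.get(username)  # identification: look up the claimed identity
    if user is None:
        return False
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    # Both factors are always evaluated, with constant-time comparisons.
    knows = hmac.compare_digest(pw_hash, user["pw"])
    has = hmac.compare_digest(otp.encode(), totp(user["totp_key"], now).encode())
    return knows and has


def request(username, password, otp, action, now=None):
    """Run identification -> authentication -> authorization -> accountability."""
    now = time.time() if now is None else now
    if not authenticate(username, password, otp, now):
        outcome = "auth_failed"
    elif action in ROLE_PERMS.get(USERS[username]["role"], set()):  # RBAC check
        outcome = "allowed"
    else:
        outcome = "denied"
    # Every outcome is logged, including failures, so actions trace back to a user.
    AUDIT_LOG.append({"time": now, "user": username, "action": action, "outcome": outcome})
    return outcome
```

Authentication failures and authorization denials are logged as distinct outcomes, so an audit can tell a failed login apart from an authenticated user reaching beyond their role.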