Internet Security: A Jumpstart for Systems Administrators and IT Managers

Chapter 6: Authentication and Authorization

6.1 The basics

Let's imagine that I worked for NASA (spaceships are cool). I would get a key card and a nametag that I could show off to other people and use as bragging rights. Additionally, the keycard and nametag would tell every-body how important I was within NASA. This might work for me and against me, in that I'd be authenticated to enter the building, but not authorized to enter every room. This is essentially the same way in which the internet works. As businesses implement networked information strategies that call for controlling access to information resources in the networked environment, authentication and access management are emerging as major issues that must be developed, implemented, and supported. There are two primary access issues that must be dealt with: authentication and authorization. Authentication and authorization have very specific definitions.

"Authentication" is the process where a user (via any type of physical access PC, network, remote) establishes a right to an identity. I log in to a system with my user name and password, and the system now knows who I am.

Note

User name = Bubba Joe Smith

"Authorization" is the process of determining whether a user is permitted to perform some action or access to a resource. I log in to a system with my user name and password, and the system knows who I am and now can grant or deny access to certain databases.

Note

User name = Bubba Joe Smith

Access to the Fishing Database = Bubba...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Access Control Systems
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.