Authentication
Authentication refers to the process by which an entity's identity is verified, typically by providing evidence that it holds a specific digital identity such as an identifier and the corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, digital signatures and phone numbers (calling/called).
Authorization
The authorization function determines whether a particular entity is authorized to perform a given activity, typically inherited from authentication when logging on to an application or service. Authorization may be determined based on a range of restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple access by the same entity or user. Typical authorization in everyday computer life is, for example, granting read access to a specific file for an authenticated user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, Quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
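The three restrictions named above (time of day, location, multiple access by the same user) can be combined into one deny-by-default check. The following is an added example, not code from the original page; the Policy and Request types, the use of the source IP network as a stand-in for physical location, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:  # hypothetical policy: one field group per restriction in the text
    start: time          # time-of-day window opens
    end: time            # time-of-day window closes (exclusive)
    networks: tuple      # permitted source networks (assumed proxy for location)
    max_sessions: int    # limit on simultaneous access by the same user

@dataclass(frozen=True)
class Request:  # hypothetical request record
    user: str
    authenticated: bool
    source_ip: str
    when: datetime

def in_window(t, start, end):
    """True if t is in [start, end); also handles windows that cross midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def authorize(req, policy, active_sessions):
    """Return (allowed, reason). Every check must pass; anything else is denied."""
    if not req.authenticated:
        return False, "not authenticated"
    if not in_window(req.when.time(), policy.start, policy.end):
        return False, "outside permitted hours"
    try:
        addr = ip_address(req.source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in ip_network(n) for n in policy.networks):
        return False, "source location not permitted"
    if active_sessions.get(req.user, 0) >= policy.max_sessions:
        return False, "concurrent session limit reached"
    return True, "ok"

# Constructed sample policy and request (not from the original page).
POLICY = Policy(time(8, 0), time(18, 0), ("10.20.0.0/16",), 1)
SAMPLE = Request("alice", True, "10.20.5.7", datetime(2024, 3, 4, 9, 0))
```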
Accounting
Accounting refers to the tracking of network resource consumption by users for the purpose of capacity and trend analysis, cost allocation, and billing. In addition, it may record events such as authentication and authorization failures, and include auditing functionality, which permits verifying the correctness of procedures carried out based on accounting data. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user or other entity, the nature of the service delivered, when the service began, and when it ended, and if there is a status to report.
Advantages of SSO (Single Sign On)
Single sign-on (SSO) is a property of access control of multiple related, but independent, software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, single sign-off is the property whereby a single action of signing out terminates access to multiple software systems.
Benefits of using single sign-on include:
- Reducing password fatigue from different user name and password combinations
- Reducing time spent re-entering passwords for the same identity
- Reducing IT costs due to a lower number of IT help desk calls about passwords
Multifactor Authentication
Multi-factor authentication (also MFA, Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is"). After presentation, each factor must be validated by the other party for authentication to occur.