Authentication and Authorization
- Authentication
- An authentication system is how you identify yourself to the computer.
The goal behind an authentication system is to verify that the user is
actually who they say they are.
There are many ways of authenticating a user. Any combination of the following
is a good example.
- Password based authentication
- Requires the user to know some predetermined quantity (their password).
- Advantages: Easy to implement, requires no special equipment.
- Disadvantages: Easy to forget password. User can tell another user
their password. Password can be written down. Password can be reused.
- Device based authentication
- Requires the user to possess some item such as a key, mag strip card, S/Key
device, etc.
- Advantages: Difficult to copy. Cannot forget a password. If used
with a PIN, it is nearly useless if stolen.
- Disadvantages: Must have the device to use the service, so the user might
forget it at home. Easy target for theft. Still doesn't actually
identify the user, only possession of the device.
- Biometric Authentication
- "My voice is my passport. Verify me." This is from the movie
Sneakers and demonstrates one type of biometric authentication device. It
identifies some physical characteristic of the user that cannot be separated
from their body.
- Retina Scanners:
- Advantages: Accurately identifies the user when it works.
- Disadvantages: New technology that is still evolving. Not perfect yet.
- Hand Scanners:
- Advantages: Difficult to separate from the user. Accurately identifies the user.
- Disadvantages: Getting your hand stolen to break into a vault sucks a lot more than getting your ID card stolen.
- Authorization
- Once the system knows who the user is through authentication, authorization is how the system decides what the user can do.
A good example of this is using group permissions or the difference between
a normal user and the superuser on a Unix system.
There are other, more complicated mechanisms, such as ACLs (Access Control Lists),
available to decide what a user can do and how they can do it. Most Unix systems
don't implement these very well (if at all).
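The authorization decision described above, as an added example that is not part of the original page: a model of the classic Unix owner/group/other check (with the superuser bypass) next to a small per-user ACL that overrides the mode bits. User ids, group ids and the `payroll` resource are constructed sample values.

```python
from dataclasses import dataclass, field

# Permission bits, laid out as in a Unix mode word (owner, group, other each get r/w/x).
READ, WRITE, EXEC = 4, 2, 1


@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset          # every group the user belongs to


@dataclass
class Resource:
    owner_uid: int
    group_gid: int
    mode: int                # e.g. 0o640: owner rw-, group r--, other ---
    acl: dict = field(default_factory=dict)   # optional ACL entries: {uid: permission bits}


def unix_allowed(user: User, res: Resource, want: int) -> bool:
    """Owner/group/other check. uid 0 (the superuser) bypasses the mode bits entirely.

    Only the first matching class applies: an owner whose owner bits lack
    a permission is denied even if the group bits would grant it."""
    if user.uid == 0:
        return True
    if user.uid == res.owner_uid:
        bits = (res.mode >> 6) & 7
    elif res.group_gid in user.gids:
        bits = (res.mode >> 3) & 7
    else:
        bits = res.mode & 7
    return (bits & want) == want


def acl_allowed(user: User, res: Resource, want: int) -> bool:
    """ACL check: an explicit entry for this uid wins; otherwise fall back to the mode bits."""
    if user.uid == 0:
        return True
    if user.uid in res.acl:
        return (res.acl[user.uid] & want) == want
    return unix_allowed(user, res, want)


# Constructed sample data: alice owns the file, bob shares its group,
# carol is an outsider who has been granted read access through the ACL.
ROOT = User(uid=0, gids=frozenset({0}))
ALICE = User(uid=1000, gids=frozenset({1000, 50}))
BOB = User(uid=1001, gids=frozenset({1001, 50}))
CAROL = User(uid=1002, gids=frozenset({1002}))
PAYROLL = Resource(owner_uid=1000, group_gid=50, mode=0o640, acl={1002: READ})
```

The ACL lets the administrator grant carol read access without adding her to group 50, which would also expose every other group-readable file to her.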
http://www.acm.uiuc.edu/workshops/security/auth.html