Authentication and Authorization

While being similar and often combined these are two sperate concerns.

• Authentication: Binding an identity to a subject.
• Authorization: Binding rights to a subject.

Authentication

The authentication process consists of 4 distinct steps:

1. Receiving authentication data
2. Extracting unique featues
3. Comparison with reference data
4. Final Authentication

Most authentication procedures are based around secrets:

• What do I know?
• Where am I?
• What do I have (biometric)?

The authentication can be split into verification, which means comparing the authentictation data with the reference data (1:1) and identification were we compare the authentication data against the reference data of all registered people (1:n).

Knowledge base authentication

Uses secret knowledge like a pin or password which is not known to anyone else. This secret needs to be complex enough such that it can't be guessed and it should be changed frequently.

Example authentication steps:

1. Typing in your password
2. Hashing the password
3. Comparing hash with reference hash
4. Identical or not identical