Intro
Once I started implementing an authentication system, I found myself coming back to these terms again and again to separate their individual roles and purpose in the system. This article was created to serve as a quick reference.
Authentication
- process of the Principal proving its identity to the System
- Examples of Principal
  - application
  - computer system
  - human
  - hardware, etc.
- System is any computer system that requires identification before allowing access
- System could be hosted on
  - server
  - device
  - browser, etc.
Single Sign On (SSO)
- characteristic of an authentication mechanism that relates to the user's identity being used to provide access across multiple Service Providers
- allows a single authentication system to be used across multiple systems
- The single authentication mechanism could be
  - LDAP or a similar directory server
  - a system generating a trusted token
  - Federation (see below)
Identity and Access Management (IAM)
- the management of identity concerns within an information technology organization
- can include
  - authentication of users and systems
  - authorization of those users and systems
  - user provisioning
  - audit of identity systems
  - user repository management (like LDAP or Active Directory)
  - password policies and other concerns
Federation
- common standards and protocols to manage and map user identities between Identity Providers across organizations (and security domains) via trust relationships (like digital signatures, encryption, PKI)
- a sub-discipline of IAM, but typically the same team(s) are involved in supporting it
- a type of SSO where the actors span multiple organizations and security domains
Reference
For a deep dive into the above (and more): https://medium.com/@robert.broeckelmann
Related
If you found this quick reference article useful, you may also benefit from