Authentication: Who are you? Prove it.
-> Authorization: Does this person have permission to access the requested resources?
-> Resources
The OS (TCB) needs to know who makes a request for a protected resource
A process that makes the request does it on behalf of a certain user, subject or principal
Authentication helps us answer the question: on whose behalf does the requesting process run?
Includes claims about an identity and verification of the claimed identity of the user who wants to gain access to the system and resources
Authentication Goals
User/principal associated with an identity should be able to successfully authenticate itself
– Availability
– No false negatives
User/principal not associated with the identity should not be able to authenticate itself
– Authenticity
– No false positives
How is Authentication implemented?
– something a user knows, something a user has, something a user is