- Identification:
  - Your name, username, ID number, employee number, SSN etc.
  - “I am Thor”.
- Authentication:
  - “Prove you are Thor”. – Should always be done with Multifactor Authentication!
  - Something you know – Type 1 Authentication (passwords, pass phrase, PIN etc.).
  - Something you have – Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.).
  - Something you are – Type 3 Authentication (Biometrics: fingerprint, iris scan, facial geometry etc.).
  - Somewhere you are – Type 4 Authentication (IP/MAC Address).
  - Something you do – Type 5 Authentication (Signature, Pattern unlock).
- Authorization:
  - What are you allowed to access – We use Access Control models; what we implement and how depends on the organization and what our security goals are.
  - More on this in Domain 5 – Identity and Access Management (DAC, MAC, RBAC, RUBAC).
- Accountability (also often referred to as Auditing):
  - Trace an action to a subject's identity:
    - Prove who/what a given action was performed by (non-repudiation).
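The four steps above as one small flow, written as an added example (not part of the original notes). It uses the notes' Type 1–5 numbering and a constructed user store; the key check it shows is that "multifactor" means factors of at least two different types, so two passwords still count as one factor.

```python
# Added example: identification -> authentication (MFA) -> authorization -> accountability.
# User store, secrets and roles below are constructed sample data for illustration.
import hashlib
import hmac
from dataclasses import dataclass
from enum import IntEnum

class FactorType(IntEnum):
    KNOW = 1    # something you know
    HAVE = 2    # something you have
    ARE = 3     # something you are
    WHERE = 4   # somewhere you are
    DO = 5      # something you do

@dataclass
class Factor:
    ftype: FactorType
    value: str

def _h(secret: str) -> str:
    # Plain SHA-256 keeps the example short; real password storage uses a slow hash.
    return hashlib.sha256(secret.encode()).hexdigest()

USERS = {  # identification: the claimed identity is the lookup key
    "thor": {"factors": {FactorType.KNOW: _h("correct horse battery"),
                         FactorType.HAVE: _h("token-123456")},
             "role": "admin"},
}
PERMISSIONS = {"admin": {"read", "write"}, "user": {"read"}}  # a minimal RBAC table
AUDIT_LOG: list[dict] = []  # accountability: every decision is tied to a subject

def authenticate(username: str, presented: list[Factor]) -> bool:
    """True only if every presented factor verifies AND the factors span
    at least two distinct types (the actual meaning of multifactor)."""
    user = USERS.get(username)
    if user is None:
        return False
    all_ok = all(f.ftype in user["factors"]
                 and hmac.compare_digest(user["factors"][f.ftype], _h(f.value))
                 for f in presented)
    return all_ok and len({f.ftype for f in presented}) >= 2

def authorize(username: str, action: str) -> bool:
    return action in PERMISSIONS.get(USERS[username]["role"], set())

def request(username: str, presented: list[Factor], action: str) -> str:
    """Run the full IAAA pipeline and record the outcome against the subject."""
    authed = authenticate(username, presented)
    result = "allowed" if authed and authorize(username, action) else "denied"
    AUDIT_LOG.append({"subject": username, "action": action,
                      "authenticated": authed, "result": result})
    return result
```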