Authentication
Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be. In private and
public computer networks (including the Internet), authentication is
commonly done through the use of logon passwords. Knowledge of the password is assumed to assure that the
user is authentic. Each user registers initially (or is registered by
someone else), using an assigned or self-declared password. On each
subsequent use, the user must know and use the previously declared
password. The weakness in this system for transactions that are
significant (such as the exchange of money) is that passwords can often
be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions require a more stringent authentication process. The use of an electronic "credit card" issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet. A public key infrastructure enables users of a basically insecure public network such as
the Internet to securely and privately exchange data and money through the use of a public and a
private cryptographic key pair that is obtained and shared through a trusted authority.
Authorization
Authorization is the process of giving someone permission to do or have something. In multi-user
computer systems, a system administrator defines for the system which users are allowed access to the system
and what privileges of use they have (such as access to which file directories, hours of access, amount of
allocated storage space, and so forth). Assuming that someone has logged in to a computer operating
system or application, the system or application may want to identify what resources the user can be
given during this session. Thus, authorization is sometimes seen as both the preliminary setting up of
permissions by a system administrator and the actual checking of the permission values that have been
set up when a user is getting access.
Logically, authorization is done before authentication.
Accounting
Accounting records what the user actually did, what he accessed, and how long he accessed it, for
accounting, billing, and auditing purposes. Accounting keeps track of how
network resources are used. Auditing can be used to track network access and to
detect network intrusions.
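The three components described above, working together in one place, as an added Python example that is not from the original post. The AAAServer class, the user alice, her password, her directory and her permitted hours are all constructed for illustration, and PBKDF2 is an assumed choice for storing the password.

```python
import hashlib, hmac, os, posixpath
from datetime import datetime

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self):
        self.users, self.policy = {}, {}  # name -> (salt, hash); name -> (dirs, hours)
        self.sessions, self.audit_log = set(), []  # logged-in users; accounting records

    def register(self, name, password, dirs, hours):  # administrator step
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt))
        self.policy[name] = (dirs, hours)

    def _record(self, when, name, action, target, allowed):
        # Accounting: (time, user, action, target, allowed); denials are logged too.
        self.audit_log.append((when.isoformat(), name, action, target, allowed))

    def authenticate(self, name, password, when):
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_hash(password, salt), stored)  # constant-time compare
        if ok:
            self.sessions.add(name)
        self._record(when, name, "login", "-", ok)
        return ok

    def authorize(self, name, path, when):
        dirs, (start, end) = self.policy.get(name, ([], (0, 0)))
        clean = posixpath.normpath(path)  # collapse "../" before comparing
        in_dir = any(clean == d or clean.startswith(d + "/") for d in dirs)
        ok = name in self.sessions and in_dir and start <= when.hour < end
        self._record(when, name, "read", path, ok)
        return ok

def demo():
    # Constructed sample data: the user, password, directory and hours are made up.
    srv = AAAServer()
    srv.register("alice", "correct horse", ["/home/alice"], (8, 18))
    noon, night = datetime(2024, 1, 15, 12), datetime(2024, 1, 15, 23)
    results = [srv.authenticate("alice", "wrong", noon),
               srv.authorize("alice", "/home/alice/notes.txt", noon),  # no session yet
               srv.authenticate("alice", "correct horse", noon),
               srv.authorize("alice", "/home/alice/notes.txt", noon),
               srv.authorize("alice", "/home/alice/../bob/notes.txt", noon),
               srv.authorize("alice", "/home/alice/notes.txt", night)]  # outside hours
    return results, srv.audit_log
```

The audit log keeps the path exactly as requested, so the denied "../" attempt and the failed login stay visible to whoever reviews the accounting records.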
From this post, I understand how AAA works and how many advantages it has, the fact that AAA has three different components, how each component works and what exactly it does. The use of examples has allowed me to better understand what each component actually looks like, instead of just an explanation, which might give problems when attempting to picture it. This post also gives me an idea of the flow of things: which comes first and which comes after.
This post is very interesting and easy to understand. I have learned a lot about how authentication, authorization and accounting can be used as a measure for security architecture from your post. The explanations you gave on authentication, authorization and accounting are quite brief. Hence, I would suggest that maybe you can give more examples on how AAA works and how it can help us. You can also elaborate more on the key points of AAA so that readers like myself will be able to understand more. Also, maybe you can add pictures or videos to let readers like myself have an even better and clearer knowledge of what AAA is all about.