Authentication and Authorization
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
According to RFC 2828 (Internet Security Glossary, May 2000), authentication is "the process of verifying an identity claimed by or for a system entity." The key word here is verify, and the correct terminology is to say that "an authentication system verifies an identity."
Authentication can provide assurance that users (or systems) are who they say they are. Authorization refers to a user's ability to access resources on a network, usually based on user account rights and privileges. Refer to "Access Control" for details about how authenticated users are allowed to access system resources.
Authentication may be performed directly on the computer that the user is attempting to access, but in distributed environments, the user account and security information are usually stored and managed by a special security server. When a user logs on, the username and password are verified with the security server. Done properly, the password itself is never sent across the wire: it must be kept private and never cross the network, especially as readable text, where eavesdroppers could easily capture it and use it to access secure systems by masquerading as the user. Instead, unique handshake schemes are used to authenticate users in a secure way, as discussed here.
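The kind of handshake described above, as an added example that is not from the original text or the encyclopedia: a generic nonce-based challenge-response using HMAC-SHA256. The class and function names, the PBKDF2 parameters and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into the shared secret the server stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecurityServer:
    """Hypothetical security server holding per-user salts and derived keys."""
    def __init__(self):
        self.accounts = {}   # username -> (salt, derived key)
        self.pending = {}    # username -> outstanding one-time nonce

    def enroll(self, username, password):
        salt = secrets.token_bytes(16)
        self.accounts[username] = (salt, derive_key(password, salt))

    def challenge(self, username):
        """Step 1: send the salt and a fresh random nonce to the client."""
        salt, _ = self.accounts[username]
        nonce = secrets.token_bytes(32)
        self.pending[username] = nonce
        return salt, nonce

    def verify(self, username, response):
        """Step 3: recompute the expected response; each nonce works once."""
        nonce = self.pending.pop(username, None)
        if nonce is None or username not in self.accounts:
            return False
        _, key = self.accounts[username]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def client_response(password, salt, nonce):
    """Step 2: prove knowledge of the password without transmitting it."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def demo():
    server = SecurityServer()
    server.enroll("alice", "correct horse battery staple")  # constructed account
    salt, nonce = server.challenge("alice")
    captured = client_response("correct horse battery staple", salt, nonce)
    genuine = server.verify("alice", captured)    # legitimate logon
    server.challenge("alice")                     # later logon, new nonce issued
    replayed = server.verify("alice", captured)   # eavesdropper replays old answer
    salt, nonce = server.challenge("alice")
    wrong = server.verify("alice", client_response("guess", salt, nonce))
    return genuine, replayed, wrong
```

Only the salt, the nonce and the HMAC output cross the network, and a response captured by an eavesdropper fails against the next nonce. The stored key is password-equivalent and a captured exchange can still be guessed offline against a weak password, which is why the key derivation is deliberately slow.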
While stand-alone security servers provide many benefits (centralized security and security management), authenticating users in distributed environments presents a number of interesting challenges.
This topic continues in "The Encyclopedia of Networking and Telecommunications" with a discussion of the following:
IETF Working Groups and RFCs related to Authentication
There are several IETF working groups related to authentication, authorization, and accounting. These are listed here. Refer to these groups for more information, including working documents and a list of related RFCs.
A number of Internet RFCs are worth investigating to further your knowledge of this topic. The most important are listed below.
RFC 1704 (On Internet Authentication, October 1994)
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.