2.4 Summarize authentication and authorization design concepts. Flashcards
Authentication is the act of proving a claimed identity using one or more authentication factors.
Authentication Methods
A managed list of network resources. It is effectively a network index or network telephone book of the systems and their shared resources.
Directory Services
Used to allow clients to interact with directory service resources. LDAP is based on X.500 and uses TCP ports 389 and 636. It uses a tree structure with a district root.
Lightweight Directory Access Protocol (LDAP) (Directory Services)
Federation or federated identity is a means of linking a subject’s accounts from several sites, services, or entities in a single account.
Federation
Attestation is proof or evidence of something. In some circumstances, attestation is when something is signed by a witness to prove its origin or veracity.
Attestation
Synchronous dynamic password tokens: devices or applications that generate passwords at fixed time intervals.
Time-based one-time password (TOTP) (Technologies)
Asynchronous dynamic password tokens: devices or applications that generate passwords based on a nonrepeating one-way function, such as a hash or HMAC operation.
HMAC-based one-time passwords
Short message service (SMS) or texting can be used as a mechanism of two-step authentication.
Short message service (SMS)
A form of authentication factor that is something you have. It’s usually a hardware device, but it can be implemented in software as a logical token.
Token (key)
A static code is a value that does not change. It is the same value each time it is used, even when used by multiple subjects.
Static Code
Authentication applications are software products that assist with logons. These can include credential managers as well as TOTP/HOTP apps.
Authentication applications
Occurs when a website or online service sends the customer/user a message through an installed mobile app that is then automatically displayed to the user.
Push Notifications
An alternate authentication option that involves calling the user/customer either to provide them a code or passphrase or to answer questions.
Phone Call authentication
Credit card–sized IDs, badges, or security passes with embedded integrated circuit chips. They can contain information about the authorized bearer that can be used for identification and/or authentication purposes.
Smart card(s) (authentication)
The collection of physical attributes of the human body that can be used as authentication factors (something you are).
Biometrics