4.1 Compare and contrast identity and access management concepts

Question 1

Identification, authentication, authorization, and accounting (AAA)

Answer 1

Identification—you need to ensure that customers are legitimate.

Authentication—you need to ensure that customers have unique accounts and that only they can manage their orders and billing information.

Authorization—you need rules to ensure customers can only place orders when they have valid payment mechanisms in place.

Accounting—the system must record the actions a customer takes (to ensure that they cannot deny placing an order, for instance).

Question 2

Something you are

Answer 2

Employs some sort of biometric recognition system.

Question 3

Something you have

Answer 3

Examples include a smart card, USB token, or key fob that contains a chip with authentication data, such as a digital certificate.

Question 4

Something you know

Answer 4

The logon: this comprises a username and a password.

Question 5

Somewhere you are

Answer 5

Location-based authentication measures some statistic about where you are. This could be a geographic location, measured using a device’s location service and the GPS

Question 6

Something you do

Answer 6

Refers to behavioral biometric recognition. Rather than scan some attribute of your body, a template is created by analyzing a behavior, such as typing or writing a signature.

Question 7

Transitive trust

Answer 7

Trust extends to other trusted domains. For example, if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A also trusts Domain C.

Question 8

Federation

Answer 8

The notion that a network needs to be accessible to more than just a well-defined group, such as employees.

Question 9

Single Sign-on

Answer 9

Means that a user only has to authenticate to a system once to gain access to all the resources to which the user’s account has been granted rights.