AAA and Identity Management Flashcards
Types of authentication where the user provides a secret that is only know by him on her. Ex. providing a password, pin or answering secret question
Authentication by Knowledge
NIST special publication which provides guidelines for authentication and passwords strength
NIST Special Publication 800-63B
Types of authentication where user is asked to provide proof that he owns something specific. Ex, system might require an employee to use a badge to access a facility. Use of token or smart card,OTP
Authentication by ownership
Type of authentication that authenticate user based on some physical or behavioral characteristic, sometimes referred to as biometric attribute. Eg, fingerprints, facial recognition, retina and iris, palm and geometry, blood and vascular info, voice recogntion. Eg of behavioral characteristics : signature dynamic - key stroke
Authentication by Characteristics
Authentication when only one factor is presented. Eg password
Single factor authentication
Authentication when two or more factor are presented
Multi factor authentication
Company acquired by Cisco. Very popular multifactor authentication solutions that is used by small , medium and large organization. Provides protection of on-premises and cloud-based application. Done by preconfigure solutions and generic config via Radius, Security Assertion Markup Language (SAML) , LDAP and more
Duo security
Another component of Duo Solution. Provides multifcator authentication access to cloud based application
Duo Access Gateway
Assumes that no system or user will be trusted when requesting access to corporate network, system and application hosted on on-premised or cloud. you must first verify their trustworthiness before granting access.
Zero Trust
Based on Google’s own implementation of a “zero-trust” model which shift access control from the network perimeter firewalls and other security devices to individual devices and users.
BeyondCorp
Concept of centralised identiy is also referred as?
It handles authentication, authorization, user attribute exchange and user management
Federated Identity
- Elements that are part of an SSO
- Call external API to authenticate and authorize users. Is also used to make sure that applicaitons and services do not store password and user information on-site
Delegation
- Elements that are part of an SSO
- Is an SSO environment where all resources and user and link to a centralised database
Domain
- Elements that are part of an SSO
- A vector through which identity can be confirmed
Factor
- Elements that are part of an SSO
- A collection of shared protocols that allow user identities to be managed across organization
Federated Identity Management
- Elements that are part of an SSO
- An identity provider that offers single sign-on, consistency in authorization practices, user management and attribute-exchange practices between providers(issuers) and relying parties (applicaiton)
Federation Provider
- Elements that are part of an SSO
- A collection of domains managed by a centralized system
Forest
- Elements that are part of an SSO
- An application website, or service responsible for coordinating identities between user and clients
Identity Provider (iDP)
- Elements that are part of an SSO
- A ticket-based protocol for authenticaiton built on symmetric-key cryptography
Kerberos
- Elements that are part of an SSO
- A term in computing arhictecture referring to the serving of many users(tenants) from a single instance of an application.
Multitenancy
- Elements that are part of an SSO
- An open standard for authorization used by many API and modern appliation
OAuth
- Elements that are part of an SSO
- Another open standard allow third party services to authenticate users without clients needing to collect, store and subsequently become liable for a users login information
OpenID or OpenID connect
- Elements that are part of an SSO
- A type of authentication baed on tokens
Passwordless
-Elements that are part of an SSO
A type of identity provider originating in social services like google, facebook and twitter and so on
Web Identity