jess LAND
       www.jessland.net
        Sponsored by:       
One eSecurity
www.one-esecurity.com
JISK Knowledgebase >>    About    News    Essentials    Architecture    FWs    IDS/IPS    Honeypots    Malware    Forensics   
  +  JSS Home    Projects    JSS Community    Events    News    Docs    About    Contact .

JISK > Essentials > Areas > AAA Essentials Section Map

AAA - Authentication, Authorization & Accounting

Content Leader: Jess Garcia - Last Updated: December 24, 2006


AAA (Authentication, Authorization, and Accounting) is a model for access control.

Authentication

  • Authentication is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party.
  • In summary (as stated in the Tech-FAQ):
  • Authentication is proving who you are.

Single or multiple factor authentication

  • There primarily are three authentication approaches, based on:
  • Something you, and only you, know (e.g. a password).
  • Something you, and only you, have (e.g. a token).
  • Something you, and only you, are (e.g. a fingerprint).
  • These three approaches can be used individually or combanied.
  • If only one is used, you have a one factor authentication.
  • When you combine two of them, you have a two factor authentication.
  • When you combine the three of them, you have a three factor authentication.
  • As it turns obvious, having three factor authentication is more secure than single factor authentication.

Books

  • Protocols for Authentication and Key Establishment
  • Authentication: From Passwords to Public Keys

References

Authorization

  • In summary (as stated in the Tech-FAQ):
  • Authorization is defining what you are allowed (and not allowed) to do.
  • Authorization must follow Authentication, because before the identity management system can determine what you are authorized to do, it must first determine who you are.

References

Accounting

  • In summary (as stated in the Tech-FAQ):
  • Accounting is keeping track of what you do.

Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.