Wednesday, March 10, 2010

Authentication and Access Control

"Authentication is any process by which you verify that someone is who they claim they are. Otherwise the process of identifying an individual usually based on a username and password is what we call as authentication.

"Access control is a much more general way of talking about controlling access to a resource. Access can be granted or denied based on a wide variety of criteria."

To understand it better let me explain these with an example.

I hope you all are familiar with 'Windows XP user accounts'.

Consider both Administrator and Guest accounts. And also consider you have set the password for Administrator account.

Say, you want to sign in as ‘Administrator’. That means you are going to claim yourself as 'Administrator'. For that you need to give the corresponding password for the administrator account. Then only the system will allow you to login. For simple understanding we can consider 'Authentication' as a process of ‘user credential verification'.

Now let us think about the difference between Administrator Account and Guest Account. Both are user accounts but the difference here is that Administrator has more privileges than Guest i.e. Administrator can do more things in the system than a guest can. For instance, Administrator can change date/time of the system but the guest cannot.These kind of controlling the access based on some criteria we call it as access control.

These criteria in IDM we normally control by defining 'Roles' and 'Policies'. This you will understand better when you start working on any IDM suite.


Post a Comment