Authenticate and Authorize Your Users Through Access Entitlements
Authentication Management
Authentication management is the process through which a subject presents valid credentials to satisfy the access requirements of the application, service or system it is trying to access. Reduced sign-on technologies centralize or rationalize these authentication mechanisms so that multiple applications, services and systems can rely on a central authentication store, or synchronize the subject's credentials across systems, limiting the number of credentials per user and improving the end-user experience.
Authentication Protocols
Authentication protocols and standards prescribe how an authenticated subject is presented to a relying application or service. They include Kerberos, SAML / Liberty, WS-*, OAuth, LDAP and application-specific standards such as Windows NTLM.
VERIFICATION AND VALIDATION
Mechanisms that verify a subject's credentials and provide a level of assurance as to the validity of those credentials; this area also covers authentication policies and password policies.
Authorization Management
Traditionally, IT systems and applications each have their own implementation of authorization management or, more precisely, access control. This means that a user has an account for each system or application he or she uses, and each system or application has its own permission structure and its own method of assigning permissions.
RESOURCE IDENTIFICATION AND MANAGEMENT
Provides for centralized inventorying, labeling, and general management of IT assets.
ATTRIBUTE BASED AUTHORIZATION
Moves from granting resource access to a specific named user to granting access based on the values of a user's attributes. User authentication is still required, but access is no longer granted via a specific ACL; instead, at the point of authentication, a decision is made, based on the values of specific attributes, whether or not access should be granted.
ROLE-BASED AUTHORIZATION
Provides for modeling access to IT assets based on information about the user (e.g. department, job function, location), both to automate access provisioning and to validate that the entitlements already granted to a user are appropriate.
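The three models above (a static ACL, attribute-based decisions, and role-based entitlements derived from user attributes) as an added illustration that is not part of the original page: a minimal policy decision point over constructed sample users, resources and rules, including the entitlement-validation check the role-based section describes.

```python
"""Added example (not from the original page): a minimal policy decision point
contrasting a static ACL with attribute-based and role-based access decisions.
All users, resources, policies and role rules below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    department: str
    job_function: str
    location: str


# Static ACL: access is granted to a specific named user per resource.
ACL = {"payroll-db": {"alice"}}


def acl_allows(user: User, resource: str) -> bool:
    return user.name in ACL.get(resource, set())


# Attribute-based policy: each resource lists attribute constraints; every
# listed attribute must hold one of the allowed values (deny by default).
ABAC_POLICY = {
    "payroll-db": {"department": {"finance"}, "location": {"HQ"}},
    "wiki": {"department": {"finance", "engineering", "hr"}},
}


def abac_allows(user: User, resource: str) -> bool:
    rules = ABAC_POLICY.get(resource)
    if rules is None:
        return False  # unknown resource: deny
    return all(getattr(user, attr) in allowed for attr, allowed in rules.items())


# Role-based: roles are derived from user attributes, then roles map to entitlements.
ROLE_RULES = {
    "payroll-clerk": {"department": "finance", "job_function": "clerk"},
    "staff": {},  # no constraints: every user holds this role
}
ROLE_ENTITLEMENTS = {"payroll-clerk": {"payroll-db", "wiki"}, "staff": {"wiki"}}


def roles_for(user: User) -> set[str]:
    return {role for role, cond in ROLE_RULES.items()
            if all(getattr(user, attr) == val for attr, val in cond.items())}


def rbac_allows(user: User, resource: str) -> bool:
    return any(resource in ROLE_ENTITLEMENTS[role] for role in roles_for(user))


def validate_entitlements(user: User, granted: set[str]) -> set[str]:
    """Return granted resources that the user's roles do not justify (a review finding)."""
    return {res for res in granted if not rbac_allows(user, res)}
```

Note that the role-based decision for a finance clerk working remotely differs from the attribute-based one, because the role rules do not consider location while the ABAC policy does.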