CSCI 4531 Lecture 6: Chapter 3: User Authentication

Rfc 4949 defines user authentication as: the process of verifying an identity claimed by or for a system entity . Fundamental building block and primary line of defense. Basis for access control and user accountability. Presenting an identifier to the security system. Presenting or generating authentication information that corroborates the binding between the entity and the identifier. The four means of authenticating user identity based on: ** this is dynamic because it varies ** + describes an organization"s degree of uncertainty that a user has presented a credential that refers to his or her identity. + the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued. + the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. + level 1: little or no confidence in the asserted identity"s validity.