|Definition of Identification
Information (an identifier) which a user wishing to utilize resources, uses to differentiate themselves from all other entities.
Without identification, there is no basis for granting authorizations or maintaining accountability
|Identification Vs Authentication
- Identification - Who are you? (e.g., unique user-ID)
- Authentication - Prove who you say you are (e.g., password)
Note: “User” - Could be a person, program, process, network or hardware.
|Key security philosophies for identifiers
- Unique: All users must have a unique identifier: Establishes accountability for actions.
- Universal: The same type of identifier should be available from all users accessing a particular system:
- Simplifies administration
- Identification issues also impact privacy.
- User-ID (network/application access)
- Company badge (building/room access)
- Smart Card (logical or physical access) or Digital Certificate (logical access)
- Can combine both identification & authentication.