Identification, Authentication, Authorization, Accounting and IAM Flashcards

1
Q

Identification:

A

A unique identity within any given system, digital or otherwise.

ex. a social security number
ex. a username and password
ex. a fingerprint

Credentials represent identification (not authentication; authentication refers to the process of proving authenticity via credentials).

2
Q

Authentication:

A

As stated earlier, authentication is the process of utilizing your unique credentials to be authenticated to a system.

3
Q

Authorization:

A

Defines what an individual or individuals can do within a system. What they can access, where they can go, what actions they can take, etc.

4
Q

Accounting:

A

The process of logging and creating accounts of all actions that have been taken within a system.

Fully-arsed example:
Premise:
PC breaks, company has an active warranty, they call for the PC to be fixed.

The technician associated with the PC’s producer comes to the company to fix the PC.
They present their identity in order to authenticate themselves as the technician.
Their identity is logged (accounting).
They are given authorization to go to the PC’s location, fix it, and then leave.
Everything that they do within the company during this process is logged.
Who are they?
When did they arrive?
Why are they here?
Did they accomplish their task?
When did they leave?
etc, all that gud kush.

5
Q

Identity and Access Management (IAM):

THIS IS SOME BIG IMPORTANT SHIT: don’t forget the acronym (vvvv)
>>> Identity and Access Management = IAM <<<

A

General notes:

  • IAM is a framework of practices used by businesses.
  • It’s pretty extensive. Some major honk to this bad boy. In Ermin’s words, you could have a full novel’s worth of paper to write out an in-depth report of all the processes held within this concept, and you wouldn’t even come close to covering it.
  • Compliance Auditing is the process of auditing your company in order to make certain that you remain compliant with all laws and regulations (these regulations could also be set into place by the company itself).

Major concepts (I think):

  • there are two major portions of IAM: “Access Management” and “Identity Management”
  • Authentication and Authorization belong to Access Management
  • User Management and Enterprise Directory Service belong to Identity Management
  • under Authentication, there is: Single Sign On, Session Management, Password Service, Strong Authentication, Multifactor Identification
  • under Authorization, there is: Role-based Authorization, Rule-based Authorization, Attribute-based Authorization, Remote Authorization
  • under User Management, there is: Delegated Administration, User and Role Management, Provisioning, Password Management, Self Service, Compliance Auditing
  • under Enterprise Directory Service, there is: Directory Service, Data Synchronization, Main Directory, Virtual Directory
  • explanation of Enterprise Directory Service, plagiarized from dummies.com:
    a directory service is a customizable information store that functions as a single point from which users can locate resources and services distributed throughout the network. This customizable information store also gives administrators a single point for managing its objects and their attributes
    ex. Google, Dropbox, etc.