ITM 207 Chapter Notes - Chapter 3-4: Alice B. Toklas, Token Coin, Authenticator

Itm 820- chapter 3 [user authentication] & chapter 4 [access control] The rfc 4949 standard defines user authentication as follows: the process of verifying an identity claimed by or for a system entity. For example, user alice toklas could have the user identifier abtoklas. This information needs to be stored on any server or computer system that alice wishes to use, and could be known to system administrators and other users. A typical item of authentication information associated with this user id is a password, which is kept secret (known only to alice and to the system). If no one is able to obtain or guess alice"s password, then the combination of. Alice"s user id and password enables administrators to set up alice"s access permissions and audit her activity. Because alice"s id is not secret, system users can send her e-mail; but because her password is secret, no one can pretend to be alice.