Re: Authentification classifications

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 04/27/04

  • Next message: Åke Tyvi: "How to kill a valid "Trial License"?"
    Date: Tue, 27 Apr 2004 08:59:56 -0600
    
    

    marc.jaeger@laposte.net (Marc Jaeger) writes:
    > Hi everybody,
    >
    > I am currently trying to make a classification of every authentication
    > method that exists.
    >
    > I have noted as authentication methods : /etc/passwd, Windows SAM
    > file, Active Directory, NIS, PAM, Kerberos, PAP, CHAP, EAP, RADIUS,
    > NTLM, SASL, SSL, TLS, NDS, TACACS, IPsec, ISAKMP, PKI, ..., MD5,
    > 3DES, LDAP,...

    another classification/taxonomy for authentication is what does the
    authentication really represent ... i.e. 3-factor authentication:

    1) something you know
    2) something you have
    3) something you are

    furthermore most of the factors can either be implicit or explicit and
    can either utilize shared-secrets or non-shared-secrets.

    this is "authentication method" with respect to the meaning of the
    authentication as opposed to the implementation authentication
    product/mechanism.

    passwords then tend to be

    a) something you know and
    b) shared-secret

    it is possible to have a hardware-token implementation that only
    operates in a specific way when the owner inputs the correct PIN into
    the token. the infrastructure then infers by responses from the token

    a) something you have (i.e. inferred because only the token could
    provide the correct response)
    b) something you know (i.e. inferred because the token only works
    with the correct PIN)
    c) non-shared secret (i.e. what is known is only inferred by the
    operation of the hardware token, the server side doesn't actually have
    to verify what is known, only that it is known).

    lots of posts about what does a server domain name certificate in SSL
    really represent:
    http://www.garlic.com/~lynn/subpubkey.html#sslcerts

    misc. stuff on radius & kerberos:
    http://www.garlic.com/~lynn/subpubkey.html#radius
    http://www.garlic.com/~lynn/subpubkey.html#kerberos

    some stuff about identity, authentication, and privacy:
    http://www.garlic.com/~lynn/subpubkey.html#privacy

    -- 
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
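
Added example, not part of the original post: a simulated PIN-gated token answering a server challenge, showing how the server infers "something you have" and "something you know" while storing only a public value. The `Token` class, `server_verify`, the Schnorr-style signature, the toy group parameters and the three-try lockout are all assumptions made for illustration; the post names no particular mechanism.

```python
import hashlib
import hmac
import secrets

# Toy Schnorr parameters (assumption for this example): the prime 2**255 - 19
# and generator 2, picked so the sketch runs on the standard library only.
P = 2**255 - 19
G = 2


def _challenge_hash(commitment: int, nonce: bytes) -> int:
    data = commitment.to_bytes(32, "big") + nonce
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Token:
    """Simulated hardware token: the private key and the PIN never leave it."""

    MAX_TRIES = 3  # lockout policy is an assumption, not from the post

    def __init__(self, pin: str):
        self._pin = pin.encode()
        self._key = secrets.randbelow(P - 2) + 1   # the non-shared secret
        self.public_key = pow(G, self._key, P)     # all the server ever stores
        self._tries_left = self.MAX_TRIES

    def respond(self, pin: str, nonce: bytes):
        """Sign the server's nonce, but only when the correct PIN is entered."""
        if self._tries_left == 0:
            return None                            # locked out
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left -= 1
            return None
        self._tries_left = self.MAX_TRIES
        k = secrets.randbelow(P - 2) + 1
        commitment = pow(G, k, P)
        e = _challenge_hash(commitment, nonce)
        return commitment, (k + e * self._key) % (P - 1)


def server_verify(public_key: int, nonce: bytes, response) -> bool:
    """A valid response implies token + PIN; the server never sees either secret."""
    if response is None:
        return False
    commitment, s = response
    e = _challenge_hash(commitment, nonce)
    return pow(G, s, P) == (commitment * pow(public_key, e, P)) % P
```

A password check, by contrast, needs the server to hold the secret (or a verifier derived from it), which is what makes it a shared-secret method in the post's terms.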
    
