What is Authentication (AuthN)?


Authentication is the process that verifies the claimed identity of a user (human or process) who accesses a resource of an application (page, image, API endpoint, …)

It's abbreviated as AuthN for authentication versus AuthZ for authorization.

The process validates that you are who you claim to be.

The authentication mechanism (a user/password form, for instance) starts when the user:

  • needs to access a secured resource such as an admin page, or
  • starts the authentication process explicitly (clicks on the login link or calls the login function)

The system or function that validates the credentials is referred to as an (Identity|Authentication) Provider (ie user store).

The process of creating, submitting, and verifying credentials is described simply as authentication, and is implemented through various authentication protocols.

What happens after a successful authentication?

After a user (human or process) has been authenticated, depending on how the authenticated state is kept:

  • session based: the server-side session that holds the navigation context data is updated and goes from an anonymous to an authenticated state carrying the user identity; the client only holds an opaque session identifier (typically in a cookie).
  • token based: an access token is delivered to the client and sent with every subsequent request; the server verifies the token on each request instead of looking up a session.
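Both outcomes side by side, as an added example that is not part of the original page: a server-side session store whose entries move from anonymous to authenticated (rotating the id on login), and a simplified HMAC-signed token (JWT-like, not a real JWT) that the client presents on every request. The names `SessionStore`, `issue_token`, `verify_token`, the 900-second lifetime and the token layout are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


# --- Session based: the server keeps the state, the client only holds an opaque id ---

class SessionStore:
    """In-memory session store (example only; a deployment would back this with
    a server-side store such as a database or Redis)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        """Open an anonymous session: an unguessable id with no identity attached."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "created": time.time()}
        return sid

    def authenticate(self, sid, user):
        """Move the session from anonymous to authenticated.

        The id is rotated on login so that a pre-login id an attacker planted
        (session fixation) never becomes an authenticated session."""
        state = self._sessions.pop(sid, None) or {"created": time.time()}
        state["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = state
        return new_sid

    def identity(self, sid):
        """Who the session belongs to, or None for anonymous or unknown ids."""
        state = self._sessions.get(sid)
        return state["user"] if state else None


# --- Token based: the client carries the identity, the server only keeps the key ---
# Assumed layout (not a real JWT): base64url(json claims) "." base64url(HMAC-SHA256)

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, user, now, ttl=900):
    """Issue a token for `user` valid for `ttl` seconds from `now` (epoch seconds)."""
    claims = {"sub": user, "iat": int(now), "exp": int(now) + ttl}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    mac = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64url(mac)


def verify_token(key, token, now):
    """Return the subject if the token is authentic and unexpired, else None.

    The MAC is checked in constant time before the claims are trusted, and
    any malformed input is rejected rather than raising."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(sig), expected):
            return None
        claims = json.loads(_b64url_decode(payload))
        if now >= claims["exp"]:
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()
    authed = store.authenticate(anon, "alice")
    print("session identity:", store.identity(authed))
    key = secrets.token_bytes(32)
    tok = issue_token(key, "alice", time.time())
    print("token subject:", verify_token(key, tok, time.time()))
```

The practical difference shows in revocation: a session can be ended immediately by deleting its server-side entry, whereas a self-contained token stays valid until `exp` unless the server also keeps a revocation list, which is why token lifetimes are kept short.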

The next critical step after authentication is authorization (AuthZ): deciding what the authenticated identity is allowed to do.


Basically, there are three ways to authenticate an individual:

  • by something the person knows,
  • by something the person has,
  • and by something the person is.

All these ways have been used from prehistory until the present day, and they all have different security properties and trade-offs.

More … Authentication Ways - something the person knows, has or is

Multiple Techniques (MFA)

Better authentication systems combine two or more independent factors.

  • An ATM, for example, uses “something the person has”—an ATM card—and “something the person knows”—a PIN. (Then it takes the person’s picture, for audit purposes.)
  • A passport is a physical document that is hard to counterfeit (“something the person has”) and contains a photograph (“something the person is”).
  • A door lock may use both a PIN and a hand-geometry scanner.

See Multi-Factor Authentication (Mfa / 2fa)
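A software equivalent of the ATM's card-plus-PIN, as an added example that is not from the original page: a password ("something the person knows", stored only as a salted PBKDF2 hash) combined with a TOTP code ("something the person has", a generator seeded with a shared secret per RFC 4226 / RFC 6238). The `USERS` store, the `register`/`login` functions, the iteration count and the ±1 step drift window are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct

PBKDF2_ROUNDS = 100_000  # kept modest for the example; raise it for production


# --- Factor 1: something the person knows (a password, stored only as a salted hash) ---

def hash_password(password, salt=None):
    """Return (salt, digest) for storage; the password itself is never kept."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# --- Factor 2: something the person has (a TOTP generator sharing a secret) ---

def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, now, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter derived from the time (epoch seconds)."""
    return hotp(secret, now // step, digits)


def check_totp(secret, code, now, step=30, window=1):
    """Accept the current step and `window` steps either side (clock drift).

    Every candidate is compared in constant time and all candidates are
    evaluated, so timing does not reveal which step, if any, matched."""
    presented = str(code).encode("utf-8")
    counter = now // step
    candidates = range(max(counter - window, 0), counter + window + 1)
    matches = [hmac.compare_digest(hotp(secret, c).encode("ascii"), presented) for c in candidates]
    return any(matches)


# --- Combining the factors: constructed in-memory user store (example only) ---

USERS = {}
_DUMMY_SALT = b"\x00" * 16


def register(username, password, totp_secret):
    salt, digest = hash_password(password)
    USERS[username] = {"salt": salt, "hash": digest, "totp_secret": totp_secret}


def login(username, password, code, now):
    """Both factors must pass. Both are always evaluated, and an unknown
    username still pays for a hash, so the response does not reveal which
    factor failed or whether the account exists."""
    record = USERS.get(username)
    if record is None:
        hash_password(password, _DUMMY_SALT)
        return False
    pw_ok = check_password(password, record["salt"], record["hash"])
    otp_ok = check_totp(record["totp_secret"], code, now)
    return pw_ok and otp_ok


if __name__ == "__main__":
    import time
    secret = secrets.token_bytes(20)
    register("alice", "correct horse battery staple", secret)
    now = int(time.time())
    print("login with both factors:", login("alice", "correct horse battery staple", totp(secret, now), now))
```

Two caveats a deployment adds on top of this: a code that has been accepted should be recorded and refused if presented again inside the drift window, and failed attempts should be rate limited, since a 6-digit code is only protected by the small number of guesses an attacker gets.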

Identification is not authentication

Systems that confuse identification with authentication can have significant insecurities.

Some systems use the last four digits of a Social Security number as an authentication code, even though a Social Security number is a public identification number.

  • You can’t change it.
  • You can’t prevent others from having it.

It’s a unique identifier, but it’s hardly a secret: a good number to identify me by, but a terrible one to authenticate me by.

Your mother’s maiden name is a similarly lousy authentication code.

Provider (ie User Store)

An Authentication Provider implements the authentication method.

See What is an Authentication / Identity Provider? (ie user store)
