Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system, and how broad each user's access is, is vital to the security of systems and the data on them. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

7. Identification, Authentication, and Authorization

Identification describes a method of ensuring that a subject is the entity it claims to be, e.g., a user name or an account number.

Authentication is the method of proving the subject's identity, e.g., a password, passphrase, or PIN.

Authorization is the method of controlling the subject's access to objects, e.g., a user cannot delete a particular file after logging into the system.

Note: There must be a three-step process of Identification, Authentication, and Authorization in order for a subject to access an object.
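
The three-step process as a runnable sketch, added here as an illustration and not taken from the article: a subject names an account, proves it with a password, and is then checked against an access list before touching a file. The account `alice`, the file `report.txt`, the permission names, and the PBKDF2 iteration count are all assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample data: one account and one object's access list.
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT, "pw_hash": hash_password("correct horse", _SALT)}}
ACL = {"report.txt": {"alice": {"read", "write"}}}  # alice has no "delete" right

# Stand-in record so unknown user names still cost one hash computation.
_DUMMY = {"salt": b"\x00" * 16, "pw_hash": b"\x00" * 32}


def identify(username: str):
    """Step 1, identification: the subject claims an identity (user name)."""
    return USERS.get(username)


def authenticate(account: dict, password: str) -> bool:
    """Step 2, authentication: the subject proves the claim with a secret."""
    candidate = hash_password(password, account["salt"])
    return hmac.compare_digest(candidate, account["pw_hash"])  # constant-time


def authorize(username: str, obj: str, action: str) -> bool:
    """Step 3, authorization: default deny unless the ACL grants the action."""
    return action in ACL.get(obj, {}).get(username, set())


def access(username: str, password: str, obj: str, action: str) -> str:
    """Run all three steps in order; any failure denies access."""
    account = identify(username)
    proven = authenticate(account or _DUMMY, password)
    if account is None or not proven:
        # Same message for unknown user and bad password (no user enumeration).
        return "denied: login failed"
    if not authorize(username, obj, action):
        return "denied: not authorized"
    return "granted"
```

With this data, `alice` can log in and read `report.txt`, but a delete request fails at the authorization step even though identification and authentication succeeded, which is the case the article describes.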