Access Control Services
Access control systems provide three essential services:
We devote a subsection to each of these services.
Authentication (who can log in) is actually a two-step process consisting of identification and authentication (I&A). Identification is the means by which a user (subject) presents a specific identity (such as a username) to a system (object). Authentication is the process of verifying that identity. For example, a username/password combination is one common technique (albeit a weak one) that demonstrates the concepts of identification (username) and authentication (password).
Authorization (also referred to as establishment) defines the rights and permissions granted to a user account or process (what you can do). After a system authenticates a user, authorization determines what that user can do with a system or resource.
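The three steps described above (identification, authentication, then authorization) can be traced in a short sketch. This is an added example, not code from the original text; the account names, passwords, permission strings, and the choice of PBKDF2 with 100,000 iterations are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _derive(password, salt):
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _account(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt),
            "permissions": frozenset(permissions)}


# Constructed sample accounts (hypothetical users and permissions).
ACCOUNTS = {
    "alice": _account("correct horse", {"report:read", "report:write"}),
    "bob": _account("battery staple", {"report:read"}),
}
_DUMMY = _account("placeholder", ())  # used only to equalize work for unknown users


def identify(username):
    """Identification: the subject presents an identity; look it up."""
    return ACCOUNTS.get(username)


def authenticate(username, password):
    """Authentication: verify that the presented identity is genuine."""
    record = identify(username)
    candidate = record or _DUMMY  # hash even when the identity is unknown
    match = hmac.compare_digest(_derive(password, candidate["salt"]),
                                candidate["hash"])
    return record is not None and match


def authorize(username, permission):
    """Authorization: what the authenticated user may do."""
    record = identify(username)
    return record is not None and permission in record["permissions"]


def access(username, password, permission):
    # Authorization is evaluated only after authentication succeeds.
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, permission):
        return "denied: not authorized"
    return "granted"
```

An unknown username and a wrong password return the same message, so the response does not reveal which identities exist.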