Handling Authentication
Authentication is another one of those subjects that easily warrants a book of its own. To enforce the Rule of Least Privilege, we must have some way to uniquely identify subjects that desire access to objects. Authentication is the means by which we determine who a subject is, and authorization is the process of verifying the subject's right to access an object. Authentication and authorization are often the first means, and sometimes the only means, by which organizations protect their resources. There are various grades of authentication and many methods of managing an authentication infrastructure. Here, I will cover authentication and authorization as they relate to the rules of security.
Authentication Is Everywhere ...
Get Inside the Security Mind: Making the Tough Decisions now with the O’Reilly learning platform.