Comparing Identification and Authentication

A key part of any access control system is the identification of individuals. If you can’t identify individuals, everyone is anonymous. If everyone is anonymous, there is no way you can control access to different resources. Either everyone has access or no one does.

However, if you are able differentiate between different users, you can grant access to some users while denying access to other users. This process starts with identification. In many authentication systems, the identity of a user is simply the user’s name. The user professes to be a specific person by using that person’s logon name, and they validate the identity by providing additional authentication, such as a password.

EXAM TIP Identification ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.