by jgeada 791 days ago
Why do people keep (deliberately?) confusing identity with authentication (and authorization)?

1) Identity is not supposed to be a secret, it is merely who you claim to be. It is no more secret than someone's name. Somewhat similar to the public key in a public key cryptosystem.

2) Authentication is the proving that who you claim to be is actually who you are. Many systems fail or don't even perform this step. Failure to do this causes wrong attribution of problems, it is why identity theft is not a failure of the victim but of the provider: a bank just took identity as if it was authentication and gave an unauthenticated user invalid access.

3) Authorization: does the person who we've authenticated to be the person they claim to be actually have permissions to do what they're attempting to do? Not everyone with legitimate access to a system has the authorization to do everything. For example, maybe you can read a file, but not modify it.
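
The three steps above, and the failure mode of treating identity as authentication, as an added example that is not part of the original post. The account names, passphrases and function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the server stores a verifier, not the secret itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password: str, permissions: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "verifier": derive(password, salt), "permissions": permissions}


# Constructed sample accounts. The dict key is the identity: a claim, not a secret.
ACCOUNTS = {
    "alice": make_account("constructed-passphrase-1", {"read"}),
    "bob": make_account("constructed-passphrase-2", {"read", "modify"}),
}


def authenticate(identity: str, password: str) -> bool:
    # Step 2: prove the claimed identity by checking something only its owner knows.
    account = ACCOUNTS.get(identity)
    if account is None:
        return False
    return hmac.compare_digest(derive(password, account["salt"]), account["verifier"])


def authorize(identity: str, action: str) -> bool:
    # Step 3: an authenticated user is still limited to their own permissions.
    return action in ACCOUNTS[identity]["permissions"]


def handle_identity_only(identity: str, action: str) -> str:
    # Failure mode from the post: the claimed identity is accepted as if it were proof.
    if identity in ACCOUNTS and authorize(identity, action):
        return "allowed"
    return "denied"


def handle(identity: str, password: str, action: str) -> str:
    if not authenticate(identity, password):
        return "authentication failed"
    if not authorize(identity, action):
        return "not authorized"
    return "allowed"
```

`handle_identity_only` lets anyone who knows the name "bob" modify as bob, while `handle` rejects the same request without the passphrase and still denies alice's modify request after she authenticates.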

1 comments

I don't want my identity to be public. It's not like a public key at all.

My weight, height, eye color should only be as public as I make it. That's all part of my identity.