ABSTRACT

Authentication occurs when a credential is used to identify something or someone, typically in the process of granting authorization to perform an action. This chapter looks at the concepts of authentication and how they are related to authorization. Authentication involves four concepts: Principals, Credentials, Domains, and Authorization. These concepts work together to enable an authorization-based system to make decisions. Many enterprise IT organizations struggle with managing high-value credentials and credential exposure. Today, many organizations manage their own authentication system in-house. These systems are not always as well-protected as those of the big-name authentication providers, which are under constant attack. The secret in a credential is the portion which validates the identity of its associated principal. The subject of a credential identifies the principal being authenticated. In enterprise authentication, endorsements are used to identify group membership. This enables clients to determine a principal’s group membership during authorization checks without repetitive calls back to the server.