Identification – Who are you?
- Unique why of identifying
- Username, Email address, Account Number, Employee Number, ID Badge, MAC Address, RFID tag
- Generally public information
Authentication – Proving who you are
- Something you know, you are, you have, you do
- Single Factor / Multi Factor
- Would a PIN and a password be Single or Multi factor
Authorization – What can I do?
- Roles, Groups, Location, Time
- Should default to no access
- Need to Know – access to data only for NTK for their duty
- Least Privilege – give minimum amount of privilege