15 July 2019

IT: Authentication (Definitions)

"The process by which an entity proves to another entity that it is acting on behalf of a specific identity. The J2EE platform requires three types of authentication: basic, form-based, and mutual, and supports digest authentication." (Kim Haase et al, "The J2EE™ Tutorial", 2002)

"The process by which the identity of a user or process is verified." (Tom Petrocelli, "Data Protection and Information Lifecycle Management", 2005)

"A human or machine process that verifies that an individual, computer, or information object is who or what it purports to be." (J P Getty Trust, "Introduction to Metadata" 2nd Ed., 2008)

"A method of proving someone’s identity, especially if that someone is an authorized user of processes or resources." (Tomasz Ciszkowski & Zbigniew Kotulski, "Secure Routing with Reputation in MANET", 2008)

"Provides capabilities to authenticate users. These services may support multiple authentication mechanisms, such as user name/password, hardware token-based, biometric-based, and others." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"(1) A legal evidentiary standard that, in the case of electronically stored information, ensures that the data and its associated metadata is accurate, complete, and has not been altered. Without authentication, data cannot be used as evidence. (2) A security function that defines the rules and responsibilities of individuals, applications, and devices for creating, reading, updating, and deleting data." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"The process by which the identity of a person or computer process is verified." (Judith Hurwitz et al, "Service Oriented Architecture For Dummies" 2nd Ed., 2009)

"A process designed to verify that an individual or a party are who they claim they are." (Alex Berson & Lawrence Dubov, "Master Data Management and Data Governance", 2010)

"The process of verifying the legitimate users of a resource. Often used synonymously with Identification and Authentication." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"(1) In data security, the process of verifying whether a person or software agent requesting a resource has the authority or permission to access that resource. (2) In data quality, the process of verifying data as complying with what the data represents." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"The process by which the identity of a person or computer process is verified." (Marcia Kaufman et al, "Big Data For Dummies", 2013)

"Verification of who a person or information resource claims to be that sufficiently convinces the authenticator that the identity claim is true. This is followed by an evaluation of whether that entity should be granted access to resources." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"the process that a user goes through to prove that he or she is the owner of the identity that is being used." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The process of establishing the validity of a person’s identity." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"The process of providing additional credentials that match the user ID or user name." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"The process of verifying the credentials of a particular user of a computer or software system" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"Verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (James R Kalyvas & Michael R Overly, "Big Data: A Businessand Legal Guide", 2015)

"A process by which an entity proves its identity to another party (e.g., authentication required by a user to log in or log on)." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Authentication is about validating the access request. When a user or a process tries to log into an application, system, or a database, it is important to verify its identity. One way to verify identity is through a username and password; a security token is another option. When the authentication takes place, all data exchange is typically encrypted to prevent theft during the authentication process." (Piethein Strengholt, "Data Management at Scale", 2020)

"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data." (NIST SP 800-57 Part 1 Rev. 4)

"A process that provides assurance of the source and integrity of information in communications sessions, messages, documents or stored data or that provides assurance of the identity of an entity interacting with a system." (NIST SP 800-57 Part 2 Rev.1)

"A process that establishes the origin of information, or determines an entity’s identity. In a general information security context: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (NIST SP 800-57 Part 2)

"A process that establishes the source of information, provides assurance of an entity’s identity or provides assurance of the integrity of communications sessions, messages, documents or stored data." (NIST SP 800-57 Part 1 Rev. 3)

"An authentication service is a mechanism, analogous to the use of passwords on time-sharing systems, for the secure authentication of the identity of network clients by servers and vice versa, without presuming the operating system integrity of either (e.g., Kerberos)." (Gartner)

"A security measure designed to protect a communications system against acceptance of fraudulent transmission or simulation by establishing the validity of a transmission, message, originator, or a means of verifying an individual's eligibility to receive specific categories of information." (CNSSI 4009-2015)

"Authentication is the process of verifying the claimed identity of a session requestor." (NIST SP 800-13)

"Provides assurance of the authenticity and, therefore, the integrity of data." (NIST SP 800-67 Rev. 2)

"Security measures designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information." (NIST SP 800-59)

"The corroboration that a person is the one claimed." (NIST SP 800-66 Rev. 1)

"The process of establishing confidence in the claimed identity of a user or system." (NISTIR 7682)

"The process of proving the claimed identity of an individual user, machine, software component or any other entity.  Typical authentication mechanisms include conventional password schemes, biometrics devices, cryptographic methods, and onetime passwords (usually implemented with token based cards.)" (NISTIR 5153)

"The process of verifying the authorization of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system." (NIST SP 800-47)

"The process of verifying the integrity of data that has been stored, transmitted, or otherwise exposed to possible unauthorized access." (NISTIR 4734)

"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system." (FIPS 200)

"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system." (NIST SP 800-12 Rev. 1)

"Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources." (NIST SP 1800-17c)
