The data processing community has become increasingly dependent on secure and reliable access to services on the Internet and other distributed network environments. Meeting these challenges has required a technology architecture designed to provide a comprehensive framework for enterprise-based identification, authentication and authorization (IAA).
Identification refers to the ability to identify users reliably and consistently, preferably with a single identifier, globally throughout the enterprise. This functionality may be provided by a directory system that maps an external identifier, representing an entity name, to an internal invariant identifier known throughout the system. Because the internal identifier never changes, credentials and access rights bound to it are unaffected when an entity's external name is changed, and a name that is later reassigned does not carry its previous holder's rights with it.
The second component, authentication, typically uses cryptographic techniques to perform identity verification. The process of authentication provides assurance that the user requesting a service or access to information is in fact the person or system element that possesses the claimed identity. A number of techniques are available for this purpose; many rely on a secret shared between the user and the requested service, in which case the protocol should prove possession of the secret without transmitting it, while others are based on public-key cryptography and do not require the service to hold the user's secret at all.
The third component, authorization, refers to what a properly authenticated identity is permitted to do with a networked object or information resource. A highly granular authorization technique, one that can distinguish individual operations on individual objects, provides a mechanism for customizing delivery of information to an identity.
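The three components above form one pipeline: resolve the external name to the invariant identifier, prove possession of the identity, then consult the permissions bound to that identifier. The following is an added example written for this page, not code from the original text or from any particular product, showing all three steps in a minimal form. The directory, the HMAC challenge-response authenticator, the ACL-style authorizer and the sample user "alice" with her constructed secret are all assumptions for illustration; a real deployment would hold secrets in a credential store and would run the client side as a separate party.

```python
import hashlib
import hmac
import secrets
import uuid


class Directory:
    """Identification: maps a mutable external name to an invariant internal id."""

    def __init__(self):
        self._id_by_name = {}    # external identifier (login name) -> internal id
        self._record_by_id = {}  # internal id -> {"name": ..., "secret": ...}

    def register(self, name, secret):
        if name in self._id_by_name:
            raise ValueError("external identifier already in use")
        uid = uuid.uuid4().hex  # invariant: never changes and is never reused
        self._id_by_name[name] = uid
        self._record_by_id[uid] = {"name": name, "secret": secret}
        return uid

    def resolve(self, name):
        """Identification step: external name -> internal id (None if unknown)."""
        return self._id_by_name.get(name)

    def rename(self, uid, new_name):
        """The external name may change; the internal id, and anything bound to it, does not."""
        if new_name in self._id_by_name:
            raise ValueError("external identifier already in use")
        record = self._record_by_id[uid]
        del self._id_by_name[record["name"]]
        record["name"] = new_name
        self._id_by_name[new_name] = uid

    def secret_for(self, uid):
        return self._record_by_id[uid]["secret"]


class Authenticator:
    """Authentication: HMAC challenge-response over a shared secret.

    The secret never crosses the wire; only a fresh random nonce and the keyed
    digest of it do. Each nonce is consumed on first use, so a captured
    response cannot be replayed.
    """

    def __init__(self, directory):
        self._dir = directory
        self._pending = {}  # uid -> outstanding nonce

    def challenge(self, uid):
        nonce = secrets.token_bytes(16)
        self._pending[uid] = nonce
        return nonce

    def verify(self, uid, response):
        nonce = self._pending.pop(uid, None)  # single use: removed whether or not it verifies
        if nonce is None:
            return False  # no outstanding challenge, or a replayed response
        expected = hmac.new(self._dir.secret_for(uid), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def client_response(secret, nonce):
    """What the user's side computes from the shared secret and the service's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class Authorizer:
    """Authorization: permitted actions per (identity, resource), keyed on the invariant id."""

    def __init__(self):
        self._acl = {}  # (uid, resource) -> set of permitted actions

    def grant(self, uid, resource, action):
        self._acl.setdefault((uid, resource), set()).add(action)

    def is_permitted(self, uid, resource, action):
        return action in self._acl.get((uid, resource), set())


def request_access(directory, authenticator, authorizer, name, secret, resource, action):
    """Run one request through identification, authentication and authorization."""
    uid = directory.resolve(name)                                   # 1. identification
    if uid is None:
        return "unknown identity"
    nonce = authenticator.challenge(uid)                            # 2. authentication
    if not authenticator.verify(uid, client_response(secret, nonce)):
        return "authentication failed"
    if not authorizer.is_permitted(uid, resource, action):          # 3. authorization
        return "not authorized"
    return "granted"


if __name__ == "__main__":
    # Constructed demo data; "alice" and her secret are not from the original text.
    d, a, z = Directory(), Authenticator(d), Authorizer()
    uid = d.register("alice", b"constructed-demo-secret")
    z.grant(uid, "/reports/q3", "read")
    print(request_access(d, a, z, "alice", b"constructed-demo-secret", "/reports/q3", "read"))
    d.rename(uid, "alice.smith")  # the grant survives because it is keyed on uid, not on the name
    print(request_access(d, a, z, "alice.smith", b"constructed-demo-secret", "/reports/q3", "read"))
```

The rename step is the point of the invariant identifier: the grant was recorded against `uid`, so changing the login name neither loses the permission nor lets a new holder of the old name inherit it. The authenticator consumes the nonce in `verify` regardless of outcome, which is what makes a replayed response fail.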