Currently, access to services on networks requires a user to go through a registration phase before the service is rendered to the user. Registration can be carried out by a service administrator or by the users themselves. The service administrator has the right to grant access rights to the users. A user may be allowed to login as a “guest” which has the same password for all user logging in or “anon” which may not require any password. However, most usually in order for this user to access the services, he again would need to register himself.
An example of basic authentication, e.g. as specified in HTTP authentication, is where there is a list of usernames, the user's associated password and access rights stored at the Server performing the Access Control. The entry into the user list can be carried out during registration. Registration can be carried out by the administrator or user. It requires a user to register his/her userid and a corresponding password. The next time this user is prompted for login, the user needs to produce this same registered userid and password to be authenticated.
Alternatively, a user can also register itself by going to an automated registration page which allows the user to key in his/her personal particulars. The user can also key in his/her preferred password, which will be used for subsequent logins. Alternatively, passwords can be assigned and sent to the user separately, e.g. via email, text message from phone or mail. The next time the user logs in, he/she has to use the assigned password. Usually, user is only allowed to change his/her password after logging in.
The registration process is an adequate method for checking the identity of frequent users during the authentication process. It enables easy checking on both the user identification and the access rights assigned to it. However, registration of users requires a database of user information to be maintained. As the list of registered users grows, the entries in the database are increased and become difficult to maintain. Hence, in order to maintain a database of reasonable size, ad-hoc users who would like to gain network and use some services only on a temporary basis, and who most likely will not access the same network again, should not need to go through the registration process. Similarly, where registered users seek e.g. a temporary extension of their registered access rights to different services, those registered users, should not need to go through effectively a re-registration process. Therefore other means of authentication and authorization of users of networks may be desired.