
Identity Management

CISSP

Identity Management is built on the IAAA principles:

IAAA – Four Key Principles

  1. Identification/Assertion:
    • Purpose: Establish the identity of a user or system.
    • Process: Registration, where an individual’s identity is verified and a unique identifier (like a username or account number) is added to the system.
    • Output: A unique identifier for each principal, which can be a username, an account number, or an issued credential such as a keycard.
  2. Authentication:
    • Purpose: Verify the identity asserted during the identification phase.
    • Process: The user presents one or more authentication factors (something they know, have, or are: a password, a hardware token, a biometric) that the system checks against what was enrolled at registration.
    • Output: Validated identity that the system can trust, allowing the user to gain access based on the authenticated identity.
  3. Authorization:
    • Purpose: Define the resources and actions that an authenticated user is permitted to use.
    • Process: Based on the authenticated identity (and its roles, group memberships, or attributes), the system grants or denies each access request against policy.
    • Output: Controlled access to resources, ensuring that users can only access what they are permitted to.
  4. Accountability:
    • Purpose: Ensure that actions can be traced back to the responsible party.
    • Process: Logging user activities with the identity, time, and outcome of each action, protecting those logs from tampering, maintaining change logs, and tying changes to a change management process.
    • Output: A clear trail of who performed what actions, supporting auditing and forensic analysis.
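
The four steps above, as one added example in Python that is not part of the original page: an in-memory user directory, a salted PBKDF2 credential store, a role-based policy set, and an audit log are all constructed here for illustration, and the function and store names (`register`, `authenticate`, `authorize`, `AUDIT_LOG`, `POLICY`) are this example's own, not a standard API.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# All stores below are in-memory stand-ins (constructed for this example)
# for a user directory, a credential store, a policy store and an audit log.


@dataclass
class Account:
    username: str               # the unique identifier established at registration
    salt: bytes
    pw_hash: bytes              # PBKDF2-HMAC-SHA256(password, salt); never the password
    roles: Set[str] = field(default_factory=set)


ACCOUNTS: Dict[str, Account] = {}
SESSIONS: Dict[str, str] = {}          # session token -> authenticated username
AUDIT_LOG: List[dict] = []

# Authorization policy, constructed for the example: (role, action, resource).
POLICY = {
    ("analyst", "read", "/reports"),
    ("admin", "read", "/reports"),
    ("admin", "write", "/reports"),
}


def _audit(actor: str, action: str, resource: str, allowed: bool) -> None:
    """Accountability: every decision is recorded with who, what, on what, when
    and the outcome, so actions can later be traced back to an identity."""
    AUDIT_LOG.append({"ts": time.time(), "actor": actor, "action": action,
                      "resource": resource, "allowed": allowed})


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register(username: str, password: str, roles: Set[str]) -> None:
    """Identification: enrol a unique identifier. Duplicate identifiers are
    refused so each username maps to exactly one principal."""
    if username in ACCOUNTS:
        raise ValueError(f"identifier already registered: {username}")
    salt = os.urandom(16)
    ACCOUNTS[username] = Account(username, salt, _derive(password, salt), set(roles))
    _audit("system", "register", username, True)


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify the asserted identity against the stored secret.
    Returns a session token on success, None otherwise. An unknown username is
    still run through the KDF so response time does not reveal which
    identifiers exist."""
    acct = ACCOUNTS.get(username)
    salt = acct.salt if acct else b"\x00" * 16
    expected = acct.pw_hash if acct else b"\x00" * 32
    ok = hmac.compare_digest(_derive(password, salt), expected) and acct is not None
    _audit(username, "login", "-", ok)
    if not ok:
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def authorize(token: str, action: str, resource: str) -> bool:
    """Authorization: decide against policy using the identity bound to the
    session token, never a username supplied by the caller."""
    username = SESSIONS.get(token)
    if username is None:
        _audit("unauthenticated", action, resource, False)
        return False
    allowed = any((role, action, resource) in POLICY
                  for role in ACCOUNTS[username].roles)
    _audit(username, action, resource, allowed)
    return allowed


if __name__ == "__main__":
    register("alice", "correct horse battery staple", {"analyst"})
    tok = authenticate("alice", "correct horse battery staple")
    print("login ok:", tok is not None)
    print("read /reports:", authorize(tok, "read", "/reports"))    # True
    print("write /reports:", authorize(tok, "write", "/reports"))  # False
    for entry in AUDIT_LOG:
        print(entry)
```

Two design points worth noticing: `authorize` derives the identity from the session token rather than accepting a username from the caller, so authorization can never run against an identity that was not authenticated; and every call, including failed logins and denied requests, lands in `AUDIT_LOG`, because the denied attempts are usually the ones an investigation needs.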

Relationship Between Identity, Authentication, and Authorization

  • Identification: Provides uniqueness by ensuring each user has a unique identifier.
  • Authentication: Confirms the validity of the identity by verifying the credentials provided.
  • Authorization: Controls what resources the user can access based on their authenticated identity.

Logical Access Controls

  • MAC Address: A 48-bit identifier that was intended to be globally unique (the first 24 bits identify the vendor), but it can be changed in software on most operating systems. A MAC filter therefore only identifies the address an interface claims, not a person or a device, and it is not a strong tool for identification or authentication.
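
To make the weakness concrete, here is an added example (not from the original page) of what a MAC allow-list can and cannot check. The allow-list is constructed, and the helper names (`check_mac`, `is_locally_administered`) are this example's own. It goes one step beyond the bullet by testing the universal/local (U/L) bit of the first octet, which is set on addresses assigned in software (OS-level MAC randomization and most spoofing tools) rather than burned in by the vendor; that flag is the most such a filter can offer, and it does nothing against an attacker who clones a vendor-assigned address that is already on the list.

```python
import re

# Constructed allow-list for a hypothetical MAC-filtered network segment.
# The third entry was added for a phone that presents a randomized address.
ALLOWED_MACS = {
    "00:1a:2b:3c:4d:5e",
    "00:1a:2b:3c:4d:5f",
    "02:00:00:aa:bb:cc",
}

# Six hex octets separated consistently by ':' or '-'.
_MAC_RE = re.compile(r"^[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$", re.I)


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form; raises on malformed input."""
    m = mac.strip().lower()
    if not _MAC_RE.match(m):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return m.replace("-", ":")


def is_locally_administered(mac: str) -> bool:
    """The U/L bit (bit 1 of the first octet) is set when the address was
    assigned by software rather than by the NIC vendor."""
    first_octet = int(normalize_mac(mac).split(":")[0], 16)
    return bool(first_octet & 0x02)


def is_multicast(mac: str) -> bool:
    """The I/G bit (bit 0 of the first octet) marks a group address, which is
    never a legitimate source address on a frame."""
    first_octet = int(normalize_mac(mac).split(":")[0], 16)
    return bool(first_octet & 0x01)


def check_mac(mac: str) -> str:
    """Filter decision for a frame's source MAC: 'deny', 'allow' or
    'allow-suspicious'. The last value is the most this control can do:
    flag a listed address that was clearly set in software."""
    m = normalize_mac(mac)
    if m not in ALLOWED_MACS or is_multicast(m):
        return "deny"
    if is_locally_administered(m):
        return "allow-suspicious"
    return "allow"


if __name__ == "__main__":
    # An attacker who sniffed the first allowed address and set it on their
    # own interface is indistinguishable from the real NIC.
    print(check_mac("00-1A-2B-3C-4D-5E"))   # allow
    print(check_mac("02:00:00:aa:bb:cc"))   # allow-suspicious
    print(check_mac("00:1a:2b:00:00:00"))   # deny
```

On Linux the clone in the demo is one command away (`ip link set dev eth0 address 00:1a:2b:3c:4d:5e` after bringing the interface down), which is why the filter should be treated as a convenience control and the real identification and authentication done with something the attacker cannot copy off the wire, such as 802.1X with per-device credentials.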

Tools and Processes

  • Registration: The initial step where identity is verified and recorded in the system.
  • Authentication Mechanisms: Methods like passwords, biometrics, or tokens used to verify identity.
  • Authorization Policies: Rules that govern what an authenticated user can access.
  • Logging and Monitoring: Ensuring that all actions are recorded to maintain accountability.

Understanding these principles and their interactions is crucial for implementing robust identity management and access control systems.
