Talk:Authentication
From Wikipedia, the free encyclopedia
Authentication vs. authorization
It should be noted that the problem of authentication is not equivalent to the problem of authorisation. This article confuses the two!
The article needs to be split into two cross-referenced articles about these two closely related but different topics. The differences are subtle, and someone should write about them.
Strictly speaking, the types of authentication are:
- Something only the user is
- Something only the user has
- Something only the user knows
It is not really authentication (or at least, not good authentication) if the user is not the only one in possession of a particular credential.
There is also a fourth, seldom mentioned method of authentication that is often used but almost always in combination with at least one of the other forms:
- Some place the user is
(unsigned request)
Identity vs. message
Consider the following circumscription of authentication in the current version of the article:
"However, more precise usage describes authentication as the process of verifying a person's identity..."
Doesn't this definition describe what one usually means by "identification"? Or, put in other words: what is the difference between authentication and identification (if there is any at all)? Does identification correspond to "entity authentication" (as it is called in the Handbook of Applied Cryptography)? What is the general difference between "entity authentication" and "message authentication"? Unfortunately, I have not yet seen convincing definitions for these notions in the cryptographic literature. Does anyone know about a good reference?
(unsigned comment)
Authorization without authentication
"Since authorization cannot occur without authentication, the former term is sometimes used to mean the combination of authentication and authorization."
Is this true? Consider baseball tickets. They establish my authorization to be in the park, without any authentication of my identity. Not modifying the article myself, as I'm not sufficiently confident I haven't missed something.
(unsigned comment)
- When checking your ticket, the stadium staff first need to authenticate that the originator of the ticket was a specific entity. Then they also need to ensure that this entity is authorized to grant tickets. It is only the message being authenticated, not the identity of the bearer. -- Beland (talk) 19:07, 27 May 2008 (UTC)
Expansion request
Authentication is a problem which pre-dates computers. This article, or a companion article, should cover problems and methods in non-electronic authentication. (Think spies, art forgery, criminal investigations, etc.) -- Beland 00:09, 3 October 2005 (UTC)
- I've added some coverage of such things, but the History section needs filling in. -- Beland (talk) 18:59, 27 May 2008 (UTC)
Citation request
The article mentions "Historically, fingerprints have been used as the most authoritative method of authentication, but recent court cases in the US and elsewhere have raised fundamental doubts about fingerprint reliability." Is this actually the case? A citation of source would be helpful. —Preceding unsigned comment added by 70.168.37.69 (talk) 17:31, 5 September 2007 (UTC)
Authenticity & the Protocols of Zion
I'm a bit surprised that the concept of Authentication is so rarely used in relation to the Protocols of the Elders of Zion: Fraud, fake, hoax, forgery, plagiarism, etc., but not inauthentic. --Ludvikus (talk) 01:42, 16 April 2008 (UTC)

