Talk:Authentication
From Wikipedia, the free encyclopedia
It should be noted that the problem of authentication is not equivalent to the problem of authorisation. This article confuses the two!
The article needs to be split into two cross-referenced articles about these two closely related but different topics. The differences are subtle, and someone should write about them.
Strictly speaking, the types of authentication are:
- Something only the user is
- Something only the user has
- Something only the user knows
It is not really authentication (or at least, not good authentication) if the user is not the only one in possession of a particular credential.
There is also a fourth, seldom-mentioned method of authentication that is often used, but almost always in combination with at least one of the other forms:
- Some place the user is
Consider the following circumscription of authentication in the current version of the article:
"However, more precise usage describes authentication as the process of verifying a person's identity..."
Doesn't this definition describe what one usually means by "identification"? Or put in other words: what is the difference between authentication and identification (if there is any at all)? Does identification correspond to "entity authentication" (as it is called in the Handbook of Applied Cryptography)? What is the general difference between "entity authentication" and "message authentication"? Unfortunately, I have not yet seen convincing definitions for these notions in the cryptographic literature. Does anyone know of a good reference?
Expansion request
Authentication is a problem which pre-dates computers. This article, or a companion article, should cover problems and methods in non-electronic authentication. (Think spies, art forgery, criminal investigations, etc.) -- Beland 00:09, 3 October 2005 (UTC)