Autentification, authorization and administration

Basic concepts and classification. It depends on each entity registered in the computer system (user or process acting on behalf of the user) and the information that identifies it in one sense. This can be a number or a string of characters that names the subject. This information is called the subject identifier. If a user has an identifier registered on the network, he or she is considered a legal or otherwise illegal user. Before using computer resources, the user must go through the process of identification and authentication of the computer system. Password-based authentication. One of the most common authentication schemes is simple authentication, which is based on the use of traditional multiple passwords. A simple user authentication procedure for a network can be imagined as follows. When a user tries to use the network, he types his ID and password on the computer keyboard. This information is sent to the authentication server for processing. A reference is found in the database for the user ID stored on the authentication server, from which the password is found and compared with the password entered by the user. Certificate-based authentication. When the number of users on a network is measured in millions, the initial user registration process associated with assigning and storing user passwords can be very large and difficult to implement. In this case, authentication based on digital certificates is a rational alternative to the use of passwords. When digital certificates are used, the computer does not store any information about network users. Such information is provided by the users themselves in the request-certificates. In this case, the responsibility for storing confidential information, especially secret keys, rests with the user[1,2].