Term
Digital Identity (definition) |
|
Definition
A unique string used for tracking access to systems. |
|
|
Term
|
Definition
Assignments of department responsibilities to temporary workers.
Used for:
1) Individual mailbox
2) Calendar delegation
3) Access to common drive.
4) Attendance tracking.
5) Should NOT be granted access to business applications. |
|
|
Term
|
Definition
Belong to a group or department, not to any specific individual in that group or department.
May be assigned to an IT function or process. The person who is responsible for the use of the ID may or may not (but should) be the same person responsible for the function or process. |
|
|
Term
Authentication (description and uses) |
|
Definition
1) Validates identity.
2) Complements (is not the same as) identity and entitlements.
3) Employs cryptographic mechanisms and keys.
4) Unlocks resource gateways. |
|
|
Term
Multifactor Authentication |
|
Definition
1) Something you know, e.g., password.
2) Something you have, e.g., badge.
3) Something you are, e.g., fingerprint. |
|
|
Term
Authentication Features are driven by? (three things) |
|
Definition
1) Who is authenticated: drives selection of the optimal mechanism, e.g., human vs remote peer.
2) What is authenticated: defines the gateway that is unlocked and what stays protected.
3) How does it work? Off the shelf, custom, or combination? |
|
|
Term
Typical Authentication Process with password |
|
Definition
1) Workstation: User enters username and password.
2) OS Server: Server Application Program (SAP) DBMS Interface: Initialize database session using application user identifier.
3) OS Server: SAP DBMS Interface: Query database for stored user password (not a DBMS password)
4) Decrypt password (if stored encrypted) and compare to the password entered by user.
5) If no match, return message that login is invalid. Otherwise, grant access.
|
|
|
Term
|
Definition
1) Can refer to hiding the password displayed on the screen by showing dots instead of the actual password characters.
2) Can also refer to the appending of a common application password onto the end of a specific user password. This means that the full password can be protected. |
|
|
Term
|
Definition
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. |
|
|
Term
|
Definition
(Module 4) The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
|
|
|
Term
Authorization/Entitlements (definition) |
|
Definition
Which objects the subject can access, and which actions (e.g., read, write, execute) the subject is allowed to perform on the objects it has access to. |
|
|
Term
Access Control Level: Operating System |
|
Definition
– Rights to restrict, execute and/or manipulate data and program files
– Rights to copy, rename, or delete data files stored as OS files |
|
|
Term
Access Control Level: DBMS |
|
Definition
– Rights to tables within data files
– Rights to create and execute procedures that manipulate table structure and data |
|
|
Term
|
Definition
1) Bypass
2) Backdoors
3) Impersonation (i.e., spoofing)
4) Man-in-the-middle.
etc., etc. |
|
|