Here are the three A's of security (AAA): Authentication, Authorization, and Accounting.
Authentication – is proving that you are who you claim to be, and not somebody else. This can be done using one or more of the following factors:
- Something you know – like a username and password.
- Something you are – like your retina scan or fingerprint.
- Something you have – like a passport, driver’s license, or a token.
- Something you do – like your signature, the way you speak or walk.
- Somewhere you are – like your location.
Authorization – comes after you are authenticated: based on who you are and what type of access you have been granted, you can access only the data or resources you are allowed to – nothing else.
Accounting – is tracking which data and resources a user accessed or tried to access, so there is a record of the actions taken. This is what gives you non-repudiation – proof that a specific action was taken by a specific person. So, in case some damage was caused, it is possible to identify who exactly did it and ask questions.
An example of AAA in action is when you access a system – like your bank account via its mobile application. You are authenticated when you provide your user name and password, and you are authorized to access only the data that belongs to you. From the accounting perspective, when you make a transfer this information is logged, and if you later dispute it with the bank, they will most likely provide you with proof that it was actually you who made the transfer. Surely, online banking systems are much more complex, but I hope you got the idea of the three A's in security.
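To make the bank example concrete, here is a small in-memory simulation of all three A's. It is an added illustration written for this article, not code from any bank or from the original post; the user names, account numbers, passwords and the `AAAService` class are all constructed for the example. Authentication checks a salted password hash ("something you know"), authorization lets a session touch only the accounts registered to that user, and accounting writes every attempt (including denied ones) to an HMAC-chained log so that a later edit to the record can be detected.

```python
"""Toy AAA service: authentication, authorization, accounting (constructed example)."""
import hashlib
import hmac
import json
import secrets

PBKDF2_ITERATIONS = 100_000  # kept modest so the example runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so stored credentials are never plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class AAAService:
    """Hypothetical in-memory service; a real system would persist all of this."""

    def __init__(self, audit_key: bytes):
        self._users = {}      # username -> {"salt", "hash", "accounts"}
        self._sessions = {}   # session token -> username
        self._audit_key = audit_key
        self._log = []        # accounting log: list of (entry_dict, mac)

    def register(self, username, password, accounts):
        """Enrolment step (not one of the three A's, but needed to have users)."""
        salt = secrets.token_bytes(16)
        self._users[username] = {"salt": salt,
                                 "hash": hash_password(password, salt),
                                 "accounts": set(accounts)}

    # --- Authentication: "something you know" ---
    def authenticate(self, username, password):
        user = self._users.get(username)
        if user is None:
            hash_password(password, b"\x00" * 16)  # same cost for unknown users
            self._record(username, "login", None, "denied")
            return None
        candidate = hash_password(password, user["salt"])
        if not hmac.compare_digest(candidate, user["hash"]):
            self._record(username, "login", None, "denied")
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        self._record(username, "login", None, "ok")
        return token

    # --- Authorization: a session may only act on its own accounts ---
    def transfer(self, token, from_account, amount):
        username = self._sessions.get(token)
        if username is None:
            self._record("<unauthenticated>", "transfer", from_account, "denied")
            return False
        if from_account not in self._users[username]["accounts"]:
            self._record(username, "transfer", from_account, "denied")
            return False
        self._record(username, "transfer", from_account, f"ok amount={amount}")
        return True

    # --- Accounting: append-only log where each MAC covers the previous one ---
    def _record(self, who, action, resource, outcome):
        prev_mac = self._log[-1][1] if self._log else b""
        entry = {"seq": len(self._log), "who": who, "action": action,
                 "resource": resource, "outcome": outcome}
        payload = prev_mac + json.dumps(entry, sort_keys=True).encode()
        mac = hmac.new(self._audit_key, payload, "sha256").digest()
        self._log.append((entry, mac))

    def verify_log(self):
        """True only if no entry was altered, removed or reordered since writing."""
        prev_mac = b""
        for entry, mac in self._log:
            payload = prev_mac + json.dumps(entry, sort_keys=True).encode()
            expected = hmac.new(self._audit_key, payload, "sha256").digest()
            if not hmac.compare_digest(mac, expected):
                return False
            prev_mac = mac
        return True

    def entries(self):
        return [entry for entry, _ in self._log]


def demo():
    """Walk through the bank scenario; returns the outcomes for inspection."""
    svc = AAAService(audit_key=secrets.token_bytes(32))
    svc.register("alice", "correct horse battery staple", accounts={"ACC-001"})
    svc.register("bob", "hunter2", accounts={"ACC-002"})
    token = svc.authenticate("alice", "correct horse battery staple")
    results = {
        "bad_password": svc.authenticate("alice", "wrong") is None,
        "own_account": svc.transfer(token, "ACC-001", 100),     # authorized
        "other_account": svc.transfer(token, "ACC-002", 100),   # denied
        "no_session": svc.transfer("forged-token", "ACC-001", 100),
        "log_intact_before": svc.verify_log(),
    }
    # Simulate someone editing the record after the fact: the chain breaks.
    svc._log[2][0]["outcome"] = "denied"
    results["log_intact_after_tamper"] = svc.verify_log()
    return results


if __name__ == "__main__":
    print(demo())
```

Every denied attempt is logged as well as every success; that is what lets the bank answer "it was you, from this session, at this sequence number" when a transfer is disputed, and the chained MAC is what keeps that answer credible if the log itself is questioned.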