Identification, Authentication, and Authorization
If you’re studying for one of the security certifications like CISSP, SSCP, or Security+ it’s important to understand the difference between identification, authentication, and authorization. These concepts are intertwined, but have specific differences. When looking at these topics, especially for the SSCP and CISSP exams, it’s important to understand the differences between subjects and objects.
- Subject. A subject is the active entity that accesses an object. For example, when a user accesses a file, the user is the subject. Other subjects include programs, processes, and any entity that can access a resource.
- Object. An object is a passive entity that is being accessed by a subject. For example, when a user accesses a file, the file is the object. Other objects include databases, computers, printers, or any other resource that can be accessed by a subject.
Pass the Security+ exam the first time you take it.
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
Identification
Identification occurs when a user (or any subject) claims or professes an identity. This can be accomplished with a username, a process ID, a smart card, or anything else that can uniquely identify a subject. Security systems use this identity when determining if a subject can access an object.
Security+ Full Access Package
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based
questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.
Buy The Full Access Study Package Today
60 Days Access
Need more time?
You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:
- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Realistic SY0-601 Security+ Practice Test Questions
- Performance-based questions.
- All of the flashcards from the study guide. View them in any Web browser. See demo here
- All of the audio from the study guide.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Looking for quality Practice Test Questions for the SY0-401 Security+ exam?
CompTIA Security+: Get Certified Get Ahead- SY0-401 Practice Test Questions
Authentication
Authentication is the process of proving an identity and it occurs when subjects provide appropriate credentials to prove their identity. For example, when a user provides the correct password with a username, the password proves that the user is the owner of the username. In short, the authentication provides proof of a claimed identity.
There are several methods of authentication that I’ll cover in another post, but in short they are:
- Something you know, such as a password or PIN
- Something you have, such as a smart card, CAC, PIV, or RSA token
- Something you are, using biometrics
Security+ (SY0-601) Practice Test Questions
SY0-601 Practice Test Questions
Over 385 realistic Security+ practice test questions
At least 10 performance-based questions
All questions include explanations so you’ll know why the correct answers are correct,
and why the incorrect answers are incorrect.
Upgrade Your Resume with the Security+ New Version
Multiple quiz formats to let you use these questions based on the way you learn.
- Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
- Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
- Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.
Pass the First Time You Take It
Get the full bank of SY0-601 Practice Test Questions Here
Click here if you’re looking for SY0-501 Online Study Package
Security+ Full Access Package
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based
questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.
Buy The Full Access Study Package Today
60 Days Access
Need more time?
You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:
- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Over 40 new multiple-choice questions we’ve added after publishing the study guide.
- Over 30 performance-based questions. See a demo here.
- All of the flashcards from the study guide. View them in any Web browser.
- All of the audio from the study guide. Listen to a sample here.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Studying SSCP?
This book covers the new objectives effective Feb 1, 2012.
SSCP Systems Security Certified Practitioner All-in-One Exam Guide
Authorization
Once a user is identified and authenticated, they can be granted authorization based on their proven identity. It’s important to point out that you can’t have separate authorization without identification and authentication. In other words, if everyone logs on with the same account you can grant access to resources for everyone, or block access to resources for everyone. If everyone uses the same account, you can’t differentiate between users. However, when users have been authenticated with different user accounts, they can be granted access to different resources based on their identity.
In summary, it’s important to understand the differences between identification, authentication, and authorization when studying for security exams such as the Security+, SSCP, or CISSP exams. Identification occurs when a subject claims an identity (such as with a username) and authentication occurs when a subject proves their identity (such as with a password). Once the subject has a proven identity, authorization techniques can grant or block access to objects based on their proven identities.
Other Security+ Study Resources
Apps for Your Mobile Devices
Free No Risk Discount CompTIA Voucher Code
Master Security+ Performance Based Questions Video
Other Security+ Study Resources
Thanks Thomas. You’re absolutely correct. Looks like my typing when on autopilot in the summary. I just corrected it. Thanks again.
Hello Darril
This is an amazingly exact and helpful article. Thanks for that!
May I indicate a possible small mistake in your last paragraph?
You write “Identification occurs when a subject claims an identity (such as with a username) and authorization occurs when a subject proves their identity (such as with a password).”
Didn’t you mean “… and authentication occurs …” or don’t I get your point right?
All the best
Thomas