Basic security concepts essential for all architects
It is a shame that a number of industry professionals, including a large
number of architects, do not understand the difference between identity,
authentication and authorisation. Allow me to describe it in a very simple way.
Your identity is who you claim to be (you are Mr Bill). A credential is what you
present to prove that claim: a username and password, a fingerprint, a retina
scan. Authentication is the process that verifies the credential and thereby
confirms the identity. So: you are Mr Bill, but the way someone verifies that
you are Mr Bill is through authentication.
Secondly, a high proportion of architects in the BFS domain still believe that
we can authenticate users by comparing credentials against an application
database or master data. Let me correct this in a very simple way: banking
products do not identify a person by looking up a password column in a master
data table. The industry solution for user authentication is a directory
service (LDAPv3), which holds the credential, performs the bind and never hands
the password back to the application.
Again, the majority of professionals, including architects, do not understand
that the token you obtain through web single sign-on can also carry
authorisation data. A SAML 2.0 assertion (its attribute statement), an OpenID
Connect ID token (its claims) and an OAuth 2.0 access token (its scopes) can
all convey authorisation parameters such as group membership, roles and
entitlements, so the relying application does not need a separate lookup.
So -> Key Points
KP1. Authentication: a credential is verified against a valid identity.
KP2. The identity record and its credential are stored in the LDAPv3 directory
(with its metadata); they should not be stored in the application database. For
detailed information please read "Database Vs. LDAPv3".
KP3. Once you have been identified correctly, your profile can be retrieved
from the database, so the profile (not the credential) is stored in the
database as "Master Data".
KP4. Once you have been identified properly, i.e. after successful
authentication, the next step is authorisation, which gives you a soft token
stating which operations you are entitled to perform, such as "can you access
all floors, can you open a locker, can you access the VIP area?"
KP5. The LDAPv3 directory can also store your authorisation parameters, such as
ACLs, group memberships, roles and policies. During this process you can also
obtain an SSO token; in a simple example, a single key fob that gives you access
to more than one building.
KP6. Typical token formats that carry this authorisation data are SAML 2.0
assertions, OAuth 2.0 access tokens and OpenID Connect ID tokens. Note that
OAuth 2.0 is an authorisation framework, while SAML 2.0 and OpenID Connect are
authentication protocols whose assertions and tokens can carry authorisation
attributes.
KP = Key point
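The flow in KP1 to KP6 as an added, runnable example (this is not code from the original article). It uses only the Python standard library: an in-memory credential store stands in for the LDAPv3 bind, a sqlite table holding no password at all stands in for the "Master Data" profile database, and an HMAC-signed token stands in for the SAML/OIDC assertion that carries group memberships and entitlements. All users, passwords, groups and entitlements are constructed sample data, and the function names are this example's own.

```python
"""Identity, authentication, profile and authorisation kept separate.
Added example with constructed data; not the article's or any product's code."""
import base64
import hashlib
import hmac
import json
import os
import sqlite3
import time

# --- 1. Authentication (KP1/KP2): the credential store, a stand-in for LDAPv3 -------
# Only a per-user salt and a PBKDF2 hash are kept; the store also holds the
# authorisation attributes (group memberships) that KP5 says live in the directory.
def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _new_entry(password, groups):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _pbkdf2(password, salt), "groups": groups}

DIRECTORY = {  # constructed sample identities
    "bill": _new_entry("correct horse battery", ["staff", "locker-users"]),
    "alice": _new_entry("hunter2-but-longer", ["staff", "vip-area"]),
}
_DUMMY_SALT = os.urandom(16)

def authenticate(uid, password):
    """Equivalent of an LDAP simple bind: True only if the credential matches."""
    entry = DIRECTORY.get(uid)
    if entry is None:
        _pbkdf2(password, _DUMMY_SALT)  # same cost, so unknown users are not revealed by timing
        return False
    return hmac.compare_digest(entry["hash"], _pbkdf2(password, entry["salt"]))

# --- 2. Profile (KP3): master data in the database, with no credential column ------
def build_profile_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profile(uid TEXT PRIMARY KEY, full_name TEXT, branch TEXT)")
    db.executemany("INSERT INTO profile VALUES (?, ?, ?)",
                   [("bill", "Bill Example", "Canary Wharf"), ("alice", "Alice Example", "Leeds")])
    return db

def load_profile(db, uid):
    """Only called after authenticate() succeeded; parameterised query, no password lookup."""
    row = db.execute("SELECT full_name, branch FROM profile WHERE uid = ?", (uid,)).fetchone()
    return None if row is None else {"uid": uid, "full_name": row[0], "branch": row[1]}

# --- 3. Authorisation (KP4-KP6): groups -> entitlements, carried in a signed token ----
ENTITLEMENTS = {  # constructed policy: group -> operations it permits
    "staff": {"floor:all"},
    "locker-users": {"locker:open"},
    "vip-area": {"vip:enter"},
}
TOKEN_KEY = os.urandom(32)  # secret shared by the token issuer and the relying party

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(uid, ttl=300, now=None):
    """Issued only after a successful bind. The claims mirror what a SAML attribute
    statement or OIDC ID token carries: subject, groups, entitlements, expiry."""
    groups = DIRECTORY[uid]["groups"]
    entitlements = sorted(set().union(*(ENTITLEMENTS.get(g, set()) for g in groups)))
    now = time.time() if now is None else now
    claims = {"sub": uid, "groups": groups, "entitlements": entitlements, "exp": int(now + ttl)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def verify_token(token, now=None):
    """Return the claims if the signature and expiry check out, otherwise None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None  # forged or tampered claims
    claims = json.loads(_unb64(body))
    now = time.time() if now is None else now
    return None if claims["exp"] < now else claims

def is_entitled(token, operation, now=None):
    """The relying application's check (the 'can you open a locker?' question):
    answered from the token alone, with no directory or database round-trip."""
    claims = verify_token(token, now)
    return claims is not None and operation in claims["entitlements"]

if __name__ == "__main__":
    if authenticate("bill", "correct horse battery"):          # KP1
        print(load_profile(build_profile_db(), "bill"))        # KP3
        token = issue_token("bill")                            # KP4/KP5
        print("locker:open ->", is_entitled(token, "locker:open"))
        print("vip:enter   ->", is_entitled(token, "vip:enter"))
```

The point to notice is what each store does not contain: the profile table has no password column, the relying party never sees the password, and an edited token body (for instance, adding "vip:enter" to the entitlements) fails the signature check rather than granting access.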