IDPros / bok

This is a public comment environment for the IDPro body of knowledge.

AuthN/AuthZ article feedback #97

Closed kzaky closed 1 year ago

kzaky commented 2 years ago

In the AuthN/AuthZ article it references that "Authentication is the process of proving that the user with a digital identity who is requesting access is the rightful owner of that identity." Is that true, or should it be reworded to say that the user with the digital identity has the right credentials? I think ownership is separate from authentication. Having the keys to the house doesn't mean I own the house. We can argue that malicious actors doing credential stuffing attacks are authenticated but are not rightful owners of the identity; rather, they have the right credentials.

cronical commented 2 years ago

This is a fair point. Welcome to the ongoing search for the perfect definition of AuthN.

hlflanagan commented 1 year ago

Thank you for the feedback! The article has been updated and v2 released as of 16 December 2022.