Understanding the scope of access
In the cyber world, the most common way of providing access to services is through an identity system. We discussed different types of identity systems in previous chapters: some are centralized and some are decentralized, some are application based and some are web based. However, all identity systems store a set of attributes that relate to an identity. Many web-based identity providers today support Single Sign-On (SSO): when it is configured, authentication takes place on the identity provider’s identity system, which then provides access to other services, such as service providers. Facebook, Google, and Microsoft are popular identity providers that can be integrated into other applications for authentication purposes.
Once authentication is complete, the next step is authorization. Authorization means maintaining a level of access. For example, if you take a company with a large...