Authentication is basically the problem of taking a real-world person who's sitting in front of a computer and working out who they are. In other words, it means working out which particular piece of information in our identity store relates to that person, so we've got to tie these two things together.
In the world of identity, you would probably have some kind of login page, and the applications would send the user to this login page, where they authenticate by typing in some information that only they know. Most of us have used a username and password or something like that to authenticate ourselves. The identity system takes this information, does some magic to make sure that it is indeed you, and can now tell each one of these applications that the user has logged in.
The application is just saying "tell me who this is", so I don't need to build login pages for every single app, and all of the applications can use that same login.
How to authenticate in different ways?
There’s a lot of complexity because everybody wants to determine who the user is in a different way.
We've all used banking applications where you've got a username and password and some magic PIN, and there are other applications where you have to use some kind of secret token that gets emailed to you. Each one of these is a different way of determining who the user is.
User authentication could be based on all sorts of different things.
What that means is that behind the login page there is not just one single authentication: we want to be able to use a whole range of different kinds of authentication, or different authentication modules. It is important that the identity system be able to support those different levels and, in fact, be customized, because each customer may want to do additional things when they authenticate a user.
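The idea of one identity system with interchangeable authentication modules can be sketched as follows. This is an added example, not code from the original page; the class names, the application names and the in-memory stores are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

class PasswordModule:
    """Checks a password against a salted PBKDF2 hash in the identity store."""
    def __init__(self):
        self._store = {}  # username -> (salt, derived key); in-memory stand-in
    def enroll(self, user, password):
        salt = os.urandom(16)
        self._store[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
    def verify(self, user, creds):
        if user not in self._store or "password" not in creds:
            return False
        salt, expected = self._store[user]
        got = hashlib.pbkdf2_hmac("sha256", creds["password"].encode(), salt, 100_000)
        return hmac.compare_digest(got, expected)  # constant-time comparison

class EmailedTokenModule:
    """Checks a single-use secret token that was sent to the user out of band."""
    def __init__(self, ttl_seconds=300):
        self._ttl, self._pending = ttl_seconds, {}
    def issue(self, user):
        token = secrets.token_urlsafe(16)
        self._pending[user] = (token, time.monotonic() + self._ttl)
        return token  # a real system would email this instead of returning it
    def verify(self, user, creds):
        # pop() consumes the token: one attempt per issued token, no replay.
        token, expires = self._pending.pop(user, (None, 0.0))
        if token is None or time.monotonic() > expires:
            return False
        return hmac.compare_digest(token.encode(), str(creds.get("token", "")).encode())

class IdentitySystem:
    """One login service; each application is configured with its own module chain."""
    def __init__(self):
        self._chains = {}
    def configure(self, app, modules):
        self._chains[app] = list(modules)
    def authenticate(self, app, user, creds):
        chain = self._chains.get(app)
        if not chain:
            return False  # fail closed: unknown application or empty chain
        # Evaluate every module, then require that all of them succeeded.
        results = [m.verify(user, creds) for m in chain]
        return all(results)
```

Configuring a "blog" application with only the password module and a "bank" application with both modules gives each customer a different level of authentication behind the same login.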
Well, I think that gives a good introduction to what authentication is.