Page Properties

Contexts

Computer Science, IAM, Information Security

Term

Impersonation

Alternative Forms

To impersonate

Status
Verb

Definitions

The event in which an entity switches identity so that it appears to a system or organizational process under the identity of another entity. Impersonation may be authorized (e.g. authorized security context switching) or unauthorized (e.g. impersonation attack).

Depending on context, impersonation may designate the act of impersonating, the event of impersonation or the ability to impersonate.

Related Terms

  • AAL3

  • Authentication

  • Authenticator Assurance Level 3

  • Impersonation Attack

  • Impersonation Resistance

  • Impersonation Token

  • Verifier Impersonation

  • Verifier Impersonation Resistance

Quotes

There are two general categories of threats to the enrollment process: impersonation, and either compromise or malfeasance of the infrastructure provider.

(NIST SP 800-63A, 2020(2), p. 25)

impersonation

Ability of a process to run using a different security context than the one that owns the process.

Overview

Impersonation is a feature of operating systems and applications that allows them to respond to client requests. Typically, a server impersonates a client to allow the client to access resources on the server. For example, Internet Information Services (IIS) uses impersonation to provide a secure context for responding to anonymous requests from clients.

An impersonation token is an access token that contains the security information of a client process and allows the server to impersonate the client to access resources.

See Also: authentication

...