Page Properties | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Quotes
There are two general categories of threats to the enrollment process: impersonation, and either compromise or malfeasance of the infrastructure provider.
(NIST SP 800-63A, 2020(2), p. 25)
As typically done in the literature on identification schemes, we study security against impersonation; that is, against an adversary that, given all public keys (but no secret key), tries to convince the server to be an authorized user.
(Crescenzo, 2008, p. 4-5)
impersonation
Ability of a process to run using a different security context than the one that owns the process.
Overview
Impersonation is a feature of operating systems and applications that allows them to respond to client requests. Typically, a server impersonates a client to allow the client to access resources on the server. For example, Internet Information Services (IIS) uses impersonation to provide a secure context for responding to anonymous requests from clients.
An impersonation token is an access token that contains the security information of a client process and allows the server to impersonate the client to access resources.
See Also: authentication
(Tulloch, 2003, p. 141)
Bibliography
See Also
...
Filter by label (Content by label) | ||||||
---|---|---|---|---|---|---|
|