Quotes
There are two general categories of threats to the enrollment process: impersonation, and either compromise or malfeasance of the infrastructure provider.
(NIST SP 800-63A, 2020(2), p. 25)
impersonation
Ability of a process to run using a different security context than the one that owns the process.
Overview
Impersonation is a feature of operating systems and applications that allows them to respond to client requests. Typically, a server impersonates a client to allow the client to access resources on the server. For example, Internet Information Services (IIS) uses impersonation to provide a secure context for responding to anonymous requests from clients.
An impersonation token is an access token that contains the security information of a client process and allows the server to impersonate the client to access resources.
See Also: authentication
(Tulloch, 2003, p. 141)
Bibliography
See Also
XXX