Impersonation (Dictionary Entry)

Contexts	Computer Science, IAM, Information Security
Term	Impersonation
Alternative Forms	To impersonate VERB
Definitions	The event of an entity that switches identity to appear to the system or organizational process with the identity of another entity. Impersonation may be authorized (e.g. authorized security context switching) or unauthorized (e.g. impersonation attack). Depending on context, impersonation may designate the act of impersonating, the event of impersonation or the ability to impersonate.
Related Terms	AAL3 Authentication Authenticator Assurance Level 3 Impersonation Attack Impersonation Resistance Impersonation Token Verifier Impersonation Verifier Impersonation Resistance

Quotes

There are two general categories of threats to the enrollment process: impersonation, and either compromise or malfeasance of the infrastructure provider.

(NIST SP 800-63A, 2020(2), p. 25)

As typically done in the literature on identification schemes, we study security against impersonation; that is, against an adversary that, given all public keys (but no secret key), tries to convince the server to be an authorized user.

(Crescenzo, 2008, p. 4-5)

impersonation
Ability of a process to run using a different security context than the one that owns the process.
Overview
Impersonation is a feature of operating systems and applications that allows them to respond to client requests. Typically, a server impersonates a client to allow the client to access resources on the server. For example, Internet Information Services (IIS) uses impersonation to provide a secure context for responding to anonymous requests from clients.
An impersonation token is an access token that contains the security information of a client process and allows the server to impersonate the client to access resources.
See Also: authentication

(Tulloch, 2003, p. 141)

Bibliography

Tulloch, 2003