Question
In most scenarios a person identifies who they are (authentication/AuthN) via something like a username and password. Afterwards a system would likely evaluate what that validated identity can perform (authorization/AuthZ) via something like AD or LDAP groups.
Does anyone know of systems that evaluate authorization first? For example, before a password is verified or a session (e.g. a cookie) is even provided the system would check the username and see if the claimed identity is even allowed to try and authenticate. If not then it won't even bother with a password check or creation of a cookie/session.
This doesn't really fit the mold of classic authorization. Is there a term for this style of AuthN/AuthZ? I've been Googling all sorts of things to try and find a system, tool, app, term or definition that applies to this use case.
Explanation / Answer
What you are describing is, in fact, authentication. It is just a more explicit description of the steps involved in authenticating than you might generally see.
Specifically, the steps in the authentication process are identification and authentication. First you get an identifier (such as a username) and if it is a valid identifier and can be matched in the identity system to an account with an authentication credential, you attempt to authenticate, or match the authentication credential presented (such as a password) to the authentication credential stored for that account.
So, you could call this "Identification and Authentication" if you like, but since both pieces are integral to successful authentication there's really no need to be so explicit.
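The two steps the answer describes, identification and then authentication, as an added Python example that is not part of the original answer. The account store, the `may_authenticate` flag and the decoy record are assumptions for illustration; the decoy check gives an identifier rejected at step 1 the same response time as a wrong password, so the early rejection does not reveal which usernames exist.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value for the demo; tune for production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(password: str, may_authenticate: bool = True) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "may_authenticate": may_authenticate}


# Constructed identity store (hypothetical users).
ACCOUNTS = {
    "alice": make_account("correct horse"),
    "svc-backup": make_account("s3rvice", may_authenticate=False),
}

# Decoy record so rejected identifiers cost the same work as real ones.
_DECOY = make_account("decoy")


def login(username: str, password: str) -> tuple[bool, str]:
    """Return (success, internal_reason); callers show one generic failure."""
    # Step 1: identification. Is the identifier known and allowed to try?
    account = ACCOUNTS.get(username)
    if account is None:
        reason, eligible = "unknown-identifier", False
    elif not account["may_authenticate"]:
        reason, eligible = "not-permitted-to-authenticate", False
    else:
        reason, eligible = "bad-credential", True

    # Step 2: authentication. Compare the presented credential with the
    # stored one; ineligible identifiers are compared against the decoy.
    record = account if eligible else _DECOY
    presented = hash_password(password, record["salt"])
    matches = hmac.compare_digest(presented, record["hash"])

    if eligible and matches:
        return True, "ok"
    return False, reason
```

The reason string is meant for server-side logging only; the client should receive the same failure message in all three failure cases.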