Sunday, May 12, 2019

Credentials and Identity 

Credentials and identity are assets to be managed, and surely there are plenty of reasons to dedicate software to these resources; otherwise they would not be so ubiquitous. However, the two concepts are not necessarily separate. They are separate only when the identity associated with an individual uses one or more credentials. Two-factor authentication is a good example of different credentials: the password is what the user knows and the one-time passcode is what the user has. This provides a separation of credentials, but they represent the same identity. On the other hand, an identity represented by an access key and access secret is different for each request made with an API call to a server, since the server does not recognize those credentials except for the purpose of authorizing the call.

A key-secret can be used for encryption of data just as much as it can be a form of identity. SSH access with username or password can be substituted with a public and private key pair, and it would still represent the same identity. Since encryption of data can be applied to scopes determined by different-sized containers, the key-secret becomes a valuable asset and represents much more than an identity. Such keys become assignable to parent keys and can be rotated so that they are not used again.

Key secrets are used mostly with byte ranges, so they do not have any semantic content other than the context in which they were used. Yet they are just as significant to keep in a secure store as any other secret. This digital key is a bearer-only access grantor, yet it can be used in the form of an identity.

Such artifacts are exchangeable one for the other and yet the notion of identity remains virtually the same.
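The access key and secret case above can be sketched as a small server-side store that authorizes each call on its own by checking an HMAC over the request, and that rotates a key without changing who owns it. This is an added example, not code from the original post; `CredentialStore`, `sign`, the `AK` key-id prefix and the sample request string are all hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets


def sign(secret: bytes, message: bytes) -> bytes:
    """Client side: HMAC-SHA256 over the request, keyed with the access secret."""
    return hmac.new(secret, message, hashlib.sha256).digest()


class CredentialStore:
    """Hypothetical server-side store: many credentials, one owning identity."""

    def __init__(self):
        # access key id -> {"identity": str, "secret": bytes, "active": bool}
        self._keys = {}

    def issue(self, identity: str):
        """Create a new access key / access secret pair for an identity."""
        key_id = "AK" + secrets.token_hex(8)
        secret = secrets.token_bytes(32)
        self._keys[key_id] = {"identity": identity, "secret": secret, "active": True}
        return key_id, secret

    def rotate(self, old_key_id: str):
        """Retire a key so it is not used again; issue a replacement to the same identity."""
        old = self._keys[old_key_id]
        old["active"] = False
        return self.issue(old["identity"])

    def authorize(self, key_id: str, message: bytes, signature: bytes):
        """Authorize one call. Returns the owning identity, or None if rejected."""
        entry = self._keys.get(key_id)
        if entry is None or not entry["active"]:
            return None
        expected = sign(entry["secret"], message)
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(expected, signature):
            return entry["identity"]
        return None


if __name__ == "__main__":
    store = CredentialStore()
    request = b"GET /objects/42"  # constructed sample request
    key_id, secret = store.issue("alice")
    print(store.authorize(key_id, request, sign(secret, request)))
    new_id, new_secret = store.rotate(key_id)
    print(store.authorize(key_id, request, sign(secret, request)))
    print(store.authorize(new_id, request, sign(new_secret, request)))
```

The store keeps the retired entry rather than deleting it, so a later audit can still tie old signed requests to the identity that owned the key.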
