Authentication in a Distributed Environment

Authentication: The process of verifying the identity of an entity attempting to access a resource such as a file, piece of data, message, database, web page, or network.
- Entity: Typically refers to a computing process.
Two Different Entities/Roles in the Authentication Process:
- The Authenticator:
- Definition: The entity responsible for authentication, validating the identity of the user trying to log in.
- Example: The operating system acts as the authenticator when a user logs in.
- The Authenticatee:
- Definition: The entity attempting to gain access.
Scenario:
- John is viewing a web page that opens a database connection to a SQL server.
- Entities involved:
  - John (a human user)
  - The program executing on the web page (e.g., JavaScript)
  - The SQL server
- The Authenticator:
  - Either the SQL server (for local authentication) or a third party such as an AAA server, Access Control Server, Radius server, or Authentication Server (for centralized authentication).
- The Authenticatee:
  - John, as the human user, is seeking access.

Step 1: Identify the product(s) to analyze.
Step 2: Identify the evaluation metrics or criteria.
Step 3: Analyze the advantages and disadvantages of each product concerning each criterion.
- Example: Trade-off Analysis of Local Authentication vs. Centralized Authentication.

Local Authentication:
- Definition: Each individual server (e.g., database server, web server) is responsible for authenticating requests independently.
Centralized Authentication:
- Definition: A dedicated authentication server (e.g., AAA server or Kerberos server) handles all authentication requests on behalf of other servers.

Security:
- Local Authentication
- Pros: Individual servers are directly authenticating users, reducing reliance on a single point of failure.
- Cons: Any server can be attacked, leading to potential breaches across the system.
- Centralized Authentication
- Pros: Only one copy of user credentials needs to be protected since they are stored on the centralized server.
- Cons:
  - (a) If the user’s ID/password is breached, it enables unauthorized access to all servers impersonating the user.
  - (b) If the centralized server becomes unavailable, the entire authentication process fails, representing a single point of failure.

Efficiency:
- Local Authentication
- Pros: The authentication task is processed locally by the target server, leading to reduced network overhead.
- Cons: Each server must manage its own copy of user credentials, leading to increased storage requirements.
- Centralized Authentication
- Pros: Only one copy of credentials needs to be maintained (by the centralized authentication server).
- Cons: Requires additional network traffic between individual servers and the centralized authentication server to complete authentication tasks.

Scalability:
- Local Authentication
- Pros: As each server manages its own authentication tasks, adding more servers does not hinder performance or create delays.
- Cons: None discussed.
- Centralized Authentication
- Cons: May struggle with scalability; as the number of servers increases, the centralized authentication server may become a bottleneck, causing delays in processing authentication requests.
- Possible Solution: Implement multi-layer authentication servers where each site or division hosts its own server alongside the centralized server.

Single-Sign-On Support:
- Local Authentication
- Pros: More secure; if one server’s ID/password is compromised, only that server is affected; other servers remain secure.
- Cons: Not user-friendly, as users must memorize different ID/password combinations for each server.
- Centralized Authentication
- Pros: Facilitates single-sign-on; users only need to remember one ID/password to access all servers.
- Cons: The reliance on a single set of credentials raises security concerns if compromised due to the greater access it enables across the system.