In the context of the question the term subject refers to a user, program/processes/services etc.

In the context of authentication, an object refers to a protected entity or resource that a user or service attempts to access. It’s the target of authorization decisions, determining who can do what with it.

Access control is the security mechanism that governs who can access what, within a computer system or network. It acts as a digital gatekeeper, ensuring only authorized individuals or entities can access specific resources, while keeping everything else secure.

Authentication is the cornerstone of security in the digital world. It’s the process of verifying someone’s or something’s identity, ensuring they are who or what they claim to be. Think of it as proving your passport at the airport – before gaining access, you need to demonstrate your legitimacy.

Directory servers are the digital librarians of the enterprise assets (users and digital resources), tirelessly organizing and indexing information about network resources and users. They act as central repositories, enabling efficient access and management of crucial data in large networks.

Here’s a concise summary of the three primary authentication factors:

1. Knowledge Factor: Something you know (passwords, PINs, security questions)
2. Possession Factor: Something you have (smartphones, security tokens, smart cards)
3. Inherence Factor: Something you are (fingerprints, facial recognition, voice recognition)

Combining two or more factors (multi-factor authentication) significantly strengthens security.

Something you know refers to something you remember like passwords, PINs and  security questions

Hashing with salt includes

1. Convert passwords to unique, irreversible hashes using strong algorithms like bcrypt or Argon2.
2. Add random “salt” to each password before hashing to prevent pre-computed attacks.

Authorization is the process of granting or denying access to resources, systems, or information based on the permissions and privileges assigned to an individual or system entity. It defines what actions or operations an authenticated user or system is allowed to perform within a given environment.

The Lightweight Directory Access Protocol (LDAP) is used to access and manage directory information, including user identities and attributes, within a centralized directory service. LDAP facilitates authentication, authorization, and directory searches in networked environments.

In the case of possession factors, authentication relies on the user possessing a physical device or object. This can include hardware tokens, smart cards, mobile devices, or any item that the user physically possesses. The possession factor adds an extra layer of security by requiring the user to have a tangible item in addition to knowing a password or PIN.

OAuth stands for Open Authorization. It is an open standard for access delegation commonly used to grant websites or applications limited access to user information without exposing passwords.

The standard port number used by the LDAP (Lightweight Directory Access Protocol) protocol is 389 for non-encrypted communication. These port numbers are defined by the Internet Assigned Numbers Authority (IANA) for LDAP services.

PAM refers to a set of technologies and practices that manage and secure privileged access within an organization’s IT environment.

Biometrics in access control involves using unique physical or behavioral characteristics, such as fingerprints, facial features, or iris patterns, to verify and grant access to individuals. Biometrics enhances security by providing a more personalized and difficult-to-replicate method of authentication compared to traditional methods like passwords or access cards.

The phrase Access Control matrix matches the definition in the question.

The client passes the authentication information to the server in an Authorization header. The authentication information is in base-64 encoding.

The standard port number used by LDAPS (LDAP over SSL/TLS) protocol is 636.

Password-based authentication is considered affordable due to its simplicity, low overhead, and widespread compatibility. It is easy to implement and manage, requiring minimal infrastructure changes and benefiting from users’ familiarity with the concept. The cost-effectiveness and ease of integration into existing systems contribute to its widespread adoption.

The main purpose of OpenID Connect (OIDC) is to provide a simple and secure way to verify the identity of users (authentication) and to obtain basic user profile information, building on the OAuth 2.0 framework.

OpenID Connect (OIDC) is an authentication protocol that builds on OAuth 2.0. It allows clients to verify the identity of users based on the authentication performed by an authorization server, and to obtain basic profile information about the user in an interoperable and REST-like manner. OIDC is commonly used for single sign-on (SSO) solutions.

In short, WebAuthn (Web Authentication) is a web standard that enables secure and passwordless authentication, allowing users to log in to websites and applications using biometrics, security keys, or other authenticators.