Accountability
Accountability is the ability to determine the actions and behaviors of a single individual within a Web commerce system and to identify that particular individual. Audit trails and logs support accountability and can be used to conduct a postmortem study to analyze acts that previously occurred and the individuals or processes associated with those acts. Accountability is related to the concept of nonrepudiation, wherein an individual cannot successfully deny the performance of an action. Authentication and authorization are two additional mechanisms that are complementary to accountability.
Authentication is the testing or reconciliation of evidence of a user's identity. It establishes the user's identity and ensures that users are who they claim to be. For example, a user presents an identity (user ID) to a computer login screen and then has to provide a password. The computer system authenticates the user by verifying that the password corresponds to the individual presenting the ID.
Authorization refers to rights and privileges granted to an individual or process that enable access to computer resources and information assets. Once a user's identity and authentication are established, authorization levels determine the extent of system rights a user can hold.
Get Web Commerce Security Design and Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
