are by triple A in the cloud. It's this thing aside, Tripoli, on your network, when a user goes toe access a resource. And by the way, this is usually under the topic of access control. So I'm a subject gonna add access, An object Kelly Hander Hand's gonna access the sales fold.
First thing I have to do is identify Kelly age. Second thing I need to do is authenticate. I'm gonna prove on Kelly age because I'm gonna type in a password on Lee Kelly. H knows that's authentication.
Well, the problem with that is single factor authentication today. Not good enough, particularly with passwords. Any a character password? I don't care how complex can be broken in a maximum of three days. We've got to get beyond passwords,
smartcards, bi metrics, token devices, whatever else we're gonna add to the mix.
Fine. But we've got to get away from just relying on passwords, multi factor authentication. A combination of something. I know something. I have been something. I am choosing more than one factor.
rights and permissions do I have in the network at the right access? I have the right to log in locally to this server. I have permission to access the sales fold, whatever that may be. Now I've mentioned on this hope and, of course, auditing being an essential element, being able to map the user's identity or,
let's say this way, being able to map an action
to the user's identity. Now, with all this being said again, this kind of carries over to regular network. But with the cloud environment we're starting to see like Okay, so this identity piece,
where does my identity rest? It's no longer my internal domain controller usually. Well, in the next chapter, we're gonna talk about account provisioning. We're gonna talk about Hope and I d were to talk about authentication using sample tokens. So even though I've referenced open I d and O off here and I've talked about an I. D. P and identity provider that's gonna come so we can just kind of put that to the side for now, if that's not something you've worked with