Identity
Definition
The unique reference for a principal (user, device, workload). Authentication proves the identity; authorization gates what that identity can do.
Identity stores
🌐 Networking
- RADIUS — auth for network access (802.1X, Wi-Fi, VPN)
- TACACS+ — device admin access
🐧 Linux
- /etc/passwd + /etc/shadow
- LDAP (often via SSSD)
- Kerberos realms
☁️ Cloud
- AWS IAM — users, roles, groups, policies
- Entra ID — users, groups, service principals, managed identities
🔐 Cybersecurity
- SSO / Federation — SAML and OIDC bridge identity between systems
- Workload identity — SPIFFE / SPIRE
- Zero Trust — identity becomes the new perimeter
Federation patterns
- User ↔ IdP ↔ Service Provider (SAML/OIDC)
- Workload ↔ OIDC token ↔ Cloud role (GitHub Actions → AWS AssumeRoleWithWebIdentity)
- Device ↔ certificate ↔ Network (802.1X EAP-TLS)
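The workload pattern above (GitHub Actions → AWS AssumeRoleWithWebIdentity) only stays scoped to one workload if the role's trust policy conditions on the token's `aud` and `sub` claims; every repository on GitHub receives tokens from the same issuer, so a trust policy without those conditions trusts all of them. The following is an added example, not part of the original card, that models how STS matches a token's claims against such a trust policy so the scoping can be exercised offline. The policy shape, the `StringEquals`/`StringLike` operators and the `token.actions.githubusercontent.com:aud`/`:sub` condition keys are IAM's documented ones; the account id, repository names and token claims are constructed sample values.

```python
"""Evaluate an IAM-style trust policy for AssumeRoleWithWebIdentity.

Added example (not from the original card). Models how STS matches an
OIDC token's claims against the role's trust policy so the scoping
conditions can be tested offline. The policy shape and condition keys
follow IAM's documented format; the account id, repository names and
token claims are constructed sample values.
"""
import re
from urllib.parse import urlparse

# Trust policy for a role assumed from GitHub Actions. Without the Condition
# block any GitHub repository's workflow could assume this role, because
# every repository gets tokens from the same issuer.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
        },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {
                "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
            },
            "StringLike": {
                # Pin to one repository and one branch; a '*' here widens the trust.
                "token.actions.githubusercontent.com:sub": "repo:example-org/example-repo:ref:refs/heads/main"
            },
        },
    }],
}


def _string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: '*' matches any run, '?' matches one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def _condition_holds(operator: str, expected, actual) -> bool:
    # A condition value may be a single string or a list of alternatives.
    expected = expected if isinstance(expected, list) else [expected]
    if operator == "StringEquals":
        return actual in expected
    if operator == "StringLike":
        return any(_string_like(p, actual) for p in expected)
    raise ValueError(f"unsupported operator {operator}")


def evaluate_trust_policy(policy: dict, claims: dict) -> bool:
    """Return True if the token claims satisfy any Allow statement of the policy."""
    issuer_host = urlparse(claims["iss"]).netloc
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRoleWithWebIdentity":
            continue
        # The federated principal must be the OIDC provider registered for this issuer.
        if not stmt["Principal"]["Federated"].endswith("/" + issuer_host):
            continue
        ok = True
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, expected in pairs.items():
                prefix, _, claim = key.partition(":")
                # Condition keys are namespaced by issuer host, e.g. "<host>:sub".
                if prefix != issuer_host or claim not in claims \
                        or not _condition_holds(operator, expected, claims[claim]):
                    ok = False
        if ok:
            return True
    return False


def github_token(repo: str, ref: str, aud: str = "sts.amazonaws.com") -> dict:
    """Constructed claims in the shape GitHub's OIDC issuer uses (sample data only)."""
    return {
        "iss": "https://token.actions.githubusercontent.com",
        "aud": aud,
        "sub": f"repo:{repo}:ref:{ref}",
        "repository": repo,
        "ref": ref,
    }


if __name__ == "__main__":
    cases = [
        ("main branch", github_token("example-org/example-repo", "refs/heads/main")),
        ("other repo", github_token("someone-else/fork", "refs/heads/main")),
        ("feature branch", github_token("example-org/example-repo", "refs/heads/feature")),
        ("wrong audience", github_token("example-org/example-repo", "refs/heads/main", aud="other")),
    ]
    for name, tok in cases:
        print(f"{name:15} -> {'ALLOW' if evaluate_trust_policy(TRUST_POLICY, tok) else 'DENY'}")
```

Only the token minted for the pinned repository and branch is allowed; a token from another repository, from a feature branch, or with a different audience is denied. Loosening the `sub` pattern to `repo:example-org/*:*` would allow every workflow in the organisation, which is the usual over-trust to watch for when reviewing these policies.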