Information (an identifier) which a user wishing to utilize resources, uses to differentiate themselves from all other entities.
Without identification, there is no basis for granting authorizations or maintaining accountability

• Identification - Who are you? (e.g., unique user-ID)
• Authentication - Prove who you say you are (e.g., password)
  Note: “User” - Could be a person, program, process, network or hardware.

• Unique: All users must have a unique identifier: Establishes accountability for actions.
• Universal: The same type of identifier should be available from all users accessing a particular system:
  • Simplifies administration
  • Identification issues also impact privacy.

• User-ID (network/application access)
• Company badge (building/room access)
• Smart Card (logical or physical access) or Digital Certificate (logical access)
• Can combine both identification & authentication.