Although there are clearly right and wrong ways to deploy security technologies, the right way to deploy identity is less obvious. From a network designer's perspective, you must start by deciding where to acquire identity information and what kind you need. Broadly defined, there are three potential network identity paths:
Local application or system authentication is not discussed here because the techniques are obvious and not directly related to secure networking.
These three methods can be combined to achieve multilayered security. For example, a design that uses 802.1X for LAN authentication, RFC 2827 filtering, and user application authentication draws on elements of all three methods (user to network, device to network, and user to application).