Summary

Identification and authentication form the foundation of security processes. They must be implemented first, and they must be done right. It doesn’t matter what clever access control and auditing capabilities are in place: if the user is not really who you think they are, then everything else is a waste of time, code, and resources.

Other design decisions that are related to I&A also impact security. Preserving user identity to the database enables the use of database security that is consistent with the defense in depth principle. You have to design this security into your applications ahead of time.

User-to-database modeling is important for forecasting which database capabilities you’ll be able to use. At the very least, you should separate user schemas and data schemas. Administrators shouldn’t share accounts. Schemas should be shared only when end-user identity can be preserved and the database privileges are identical for all users connected to the same schema.

Understanding the identification and authentication landscape is important to the way you formulate your security policies. You should carefully balance the security requirements—value and sensitivity of data—with the usability, administration, and costs associated with the various authentication technologies.



Effective Oracle Database 10g Security by Design
ISBN: 0072231300
EAN: 2147483647
Year: 2003
Pages: 111
