Identification is the process whereby a user presents an identity to a network element and the element recognizes it as a valid identity. Authentication is the process of verifying that claimed identity. A user may be a person, a process, or a system (e.g., an operations system or another network element) that accesses a network element to perform tasks or process a call. A user identification code is a non-confidential, auditable representation of a user. The information used to verify a claimed identity can be based on a password, Personal Identification Number (PIN), smart card, biometrics, token, exchange of keys, etc. Unlike the identification code, authentication information should be kept confidential.
If users are not properly identified and authenticated, the network element is potentially vulnerable to access by unauthorized users. The open nature of ONA greatly increases the potential for such unauthorized access. Strong identification and authentication mechanisms significantly decrease the risk that an unauthorized user will gain access to a system.
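A minimal model of the distinction drawn above, written as an added example for this page (it is not code from the original document, and the network element, account names, passwords and privilege labels are all constructed for illustration): the user identification code is non-confidential and is written to the audit record as presented, while the authentication information is held only as a salted, iterated hash and compared in constant time, so it is neither stored nor logged in clear. The privilege level kept on each account is what an impersonator would inherit on a successful login.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Added example (not from the original document). All names are hypothetical.
# PBKDF2 work factor; kept modest so the example runs quickly.
PBKDF2_ITERATIONS = 50_000
# Fixed salt used only so that "unknown user" and "wrong password" take the same
# time, which keeps the login path from revealing which user ids are valid.
_DUMMY_SALT = b"\x00" * 16


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Derive a verifier from the authentication secret; the secret itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class NetworkElement:
    """Toy model of a network element's login function.

    Identification: the caller presents a user identification code, which is
    non-confidential and is written to the audit log as-is.
    Authentication: the caller proves the claim with a secret (here a password),
    which is checked against a salted verifier and never logged or stored in clear.
    """

    def __init__(self) -> None:
        self._accounts: Dict[str, dict] = {}
        self.audit_log: List[dict] = []

    def provision(self, user_id: str, password: str, privilege: str) -> None:
        salt = os.urandom(16)
        self._accounts[user_id] = {
            "salt": salt,
            "verifier": hash_secret(password, salt),
            "privilege": privilege,  # what an impersonator would obtain on success
        }

    def login(self, claimed_id: str, password: str) -> Optional[str]:
        """Return the privilege level granted on success, or None on failure."""
        record = self._accounts.get(claimed_id)
        salt = record["salt"] if record else _DUMMY_SALT
        # Always derive a candidate verifier, even for unknown ids (timing parity).
        candidate = hash_secret(password, salt)
        # Constant-time comparison avoids leaking how many verifier bytes matched.
        authenticated = record is not None and hmac.compare_digest(candidate, record["verifier"])
        # The audit record carries the identity and the outcome, never the secret.
        self.audit_log.append({
            "user": claimed_id,
            "result": "success" if authenticated else "failure",
        })
        return record["privilege"] if authenticated else None


def demo() -> dict:
    """Exercise the model on constructed sample accounts and return the outcomes."""
    ne = NetworkElement()
    ne.provision("craft01", "Tr0ub4dor&3", privilege="operator")  # constructed account
    ne.provision("admin01", "correct horse battery staple", privilege="administrator")
    return {
        "good_login": ne.login("craft01", "Tr0ub4dor&3"),
        "bad_password": ne.login("craft01", "guess"),
        "unknown_user": ne.login("nobody", "guess"),
        "admin_login": ne.login("admin01", "correct horse battery staple"),
        "audit_log": ne.audit_log,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two details carry the security point: the failed attempts for `craft01` and for the unknown id `nobody` both appear in the audit log with the identifier they presented, which is exactly what an investigator needs, and no entry contains the password, which is exactly what an attacker who later reads the log must not get.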
Section describes the threat of impersonating a user in more detail.
Exploitation of the following vulnerabilities, or of other identification and authentication vulnerabilities, realizes the threat of impersonating a user.
Computer intruders have been known to compromise PSN assets by gaining unauthorized access to network elements.
A person impersonating an authorized user can cause the full range of threats described in section .
Impacts on the PSN caused by the threat of impersonating a user include the full range of impacts to NS/EP telecommunications described in section .
The severity of the threat of impersonating a user depends on the level of privilege granted to the account the unauthorized user has assumed.