Page 1003 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

authentication. Kerberos uses a database of subjects, symmetric cryptography, and time synchronization of systems to issue tickets.

Federated identity management is a single sign-on solution that can extend beyond a single organization. Multiple organizations create or join a federation and agree on a method to share identities between the organizations. Users can authenticate within their organization and access resources in other organizations without authenticating again. SAML is a common protocol used for SSO on the internet.

AAA protocols provide authentication, authorization, and accounting. Popular AAA protocols are RADIUS, TACACS+, and Diameter.


The identity and access provisioning lifecycle includes the processes to create, manage, and delete accounts used by subjects. Provisioning includes the initial steps of creating the accounts and ensuring that they are granted appropriate access to objects. As users’ jobs change, they often require changes to the initial access. Account review processes ensure that account modifications follow the principle of least privilege. When employees leave the organization, accounts should be disabled as soon as possible and then deleted when they are no longer needed.
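
One account review pass over the lifecycle described above, as an added example that is not from the study guide: it flags accounts to disable, to delete, or to trim back to least privilege. The role baseline, HR roster, account list and 90-day retention period are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the study guide).
ROLE_BASELINE = {  # hypothetical role -> entitlements granted at provisioning
    "helpdesk": {"ticketing", "password-reset"},
    "dba": {"ticketing", "db-admin"},
}
HR = {  # employee id -> (current role, departure date or None)
    "e100": ("helpdesk", None),
    "e101": ("dba", None),
    "e102": ("helpdesk", date(2024, 1, 10)),
    "e103": ("dba", date(2023, 6, 1)),
}
ACCOUNTS = [  # (employee id, enabled?, entitlements currently held)
    ("e100", True, {"ticketing", "password-reset"}),
    ("e101", True, {"ticketing", "db-admin", "password-reset"}),  # kept after a job change
    ("e102", True, {"ticketing"}),   # left the organization, still enabled
    ("e103", False, set()),          # left long ago, already disabled
    ("e999", True, {"db-admin"}),    # no HR record at all
]
RETENTION_DAYS = 90  # assumed policy: delete disabled accounts this long after departure


def review(accounts, hr, baseline, today):
    """Return sorted (account, action, detail) findings for one review cycle."""
    findings = []
    for emp, enabled, held in accounts:
        if emp not in hr:
            findings.append((emp, "investigate", "no matching HR record"))
            continue
        role, left = hr[emp]
        if left is not None and left <= today:
            if enabled:
                findings.append((emp, "disable", f"left {left}"))
            elif (today - left).days >= RETENTION_DAYS:
                findings.append((emp, "delete", f"disabled, left {left}"))
            continue
        # Access beyond what the current role needs violates least privilege.
        excess = held - baseline.get(role, set())
        if enabled and excess:
            findings.append((emp, "revoke", ",".join(sorted(excess))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(ACCOUNTS, HR, ROLE_BASELINE, date(2024, 1, 15)):
        print(*finding, sep="\t")
```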