Authentication and Authorization:The Big Picture with IEEE 802.1X

Current authentication protocols (i.e. user login and password) successfully restrict access to properly configured workstations and servers. Traditionally, a user’s privileges will allow (or deny) access to files or applications on the local machine or on other machines within its domain. Yet, authorized access to a particular machine (or domain) does not necessarily correlate with access to privileged network services. That is, a given computer is unable to grant differential network privileges (on a large scale) to different users. For example, a user and an administrator could independently login to the same workstation. The administrator may require enhanced network service access (such as outside FTP or access to a particular VLAN). Nevertheless, under traditional authentication protocols, neither the computer nor the network switch to which it is connected will be able to independently grant the administrator enhanced access to these network services.