General Rules
Everything must be authenticated and authorized.
(But what about privacy and anonymity?)
Strength and cost of authentication must be commensurate with resource being protected.
Can ramp up to strong authentication.
Previous slide
Back to first slide
View graphic version