is the process of verifying the identity of a person or service trying to access a resource. It involves obtaining the correct credentials from a party and forms the basis for creating a security principal for identity and access control. This checks whether it is really about the respective person.