Given a principal's identifier and a password the authentication service verifies the identity. This could be based on public or private key.