Security Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 21: Line 21:
=SSL/TLS=
=SSL/TLS=


<font color=red>TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SSLTLS#Overview</font>
{{Internal|TLS|TLS}}


=SSO=
=SSO=

Revision as of 01:05, 7 November 2017

Authentication

Authentication is the process of identifying a subject and verifying the authenticity of the identification information.

The most common authentication mechanism is username/password. Other mechanisms are available: public key, shared key, smart cards, etc.

In the context of JEE declarative security, the result of a successful authentication is called a principal.

Related subjects: Basic and Digest HTTP Authentication.

Authorization

Authorization is the mechanism for granting or denying access to a resource based on identity.

In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred as a role.

Encryption

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=CryptographicAlgorithms#EncryptionAndDecryption

SSL/TLS

TLS

SSO

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSign-On

LDAP

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=LDAP