Security Concepts: Difference between revisions
(Created page with "=Authentication= Authentication is the process of identifying a subject and verifying the authenticity of the identification information. The most common authentication mech...") |
Revision as of 20:36, 6 March 2017
Authentication
Authentication is the process of identifying a subject and verifying the authenticity of the identification information.
The most common authentication mechanism is username/password. Other mechanisms are available: public key, shared key, smart cards, etc.
In the context of JEE declarative security, the result of a successful authentication is called a principal.
Related subjects: Basic and Digest HTTP Authentication.
Authorization
Authorization is the mechanism for granting or denying access to a resource based on identity.
In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred to as a role.
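As an added illustration (not part of the original page), a minimal `web.xml` fragment shows how JEE declarative security ties the two concepts together: `login-config` selects the authentication mechanism that produces the principal, and `security-constraint` restricts a set of resources to a role. The role name `auditor`, the URL pattern and the realm name are assumptions made for this example; how principals are assigned to roles is container-specific and not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Authorization: only principals mapped to the "auditor" role
       (hypothetical name) may reach anything under /reports/. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
      <!-- No <http-method> elements: the constraint then applies to every
           HTTP method. Listing only some methods leaves the others
           uncovered and reachable without the role. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>auditor</role-name>
    </auth-constraint>
    <!-- Require TLS so the Basic credentials are not sent in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Authentication: username/password via HTTP Basic; a successful
       login yields the principal the container checks against the role. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>example-realm</realm-name> <!-- hypothetical realm name -->
  </login-config>

  <!-- Every role referenced above must be declared. -->
  <security-role>
    <role-name>auditor</role-name>
  </security-role>

</web-app>
```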
Encryption
Related subjects: CryptographicAlgorithms#EncryptionAndDecryption.
SSL/TLS
Related subjects: SSL/TLS.
SSO
Related subjects: Single Sign-On.
LDAP
Related subjects: LDAP.