Security Concepts: Difference between revisions

From NovaOrdis Knowledge Base
No edit summary
Line 10: Line 10:


=Authorization=
=Authorization=


Authorization is the mechanism for granting or denying access to a resource based on identity.
Authorization is the mechanism for granting or denying access to a resource based on identity.
Line 16: Line 15:
In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred as a ''role''.
In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred as a ''role''.


!!!Encryption
=Encryption=
   
   
|[CryptographicAlgorithms#EncryptionAndDecryption]
<font color=red>TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=CryptographicAlgorithms#EncryptionAndDecryption</font>
 
!!!SSL/TLS
 
|[SSL/TLS|SSLTLS#Overview]
 
!!!SSO
 
|[Single Sign-On]


=SSL/TLS=


!!!LDAP
<font color=red>TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SSLTLS#Overview</font>


|[LDAP]
=SSO=


<font color=red>TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSign-On</font>


=LDAP=


__Referenced by:__\\
<font color=red>TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page= LDAP</font>
[{INSERT com.ecyrd.jspwiki.plugin.ReferringPagesPlugin WHERE max=20, maxwidth=50}]
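Review bot: the TODO link in the LDAP section reads `Wiki.jsp?page= LDAP`, with a space after `page=` that the other three TODO links do not have, so it will not resolve as written; remove the space. The Encryption, SSL/TLS, SSO and LDAP sections carry only a TODO URL pointing at home.feodorov.com:9443, so each section should get at least a one-line definition, or a link to the migrated page once it exists, before the TODO markers are treated as done.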

Revision as of 20:38, 6 March 2017

Authentication

Authentication is the process of identifying a subject and verifying the authenticity of the identification information.

The most common authentication mechanism is username/password. Other mechanisms are available: public key, shared key, smart cards, etc.

In the context of JEE declarative security, the result of a successful authentication is called a principal.

Related subjects: Basic and Digest HTTP Authentication.

Authorization

Authorization is the mechanism for granting or denying access to a resource based on identity.

In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred to as a role.

Encryption

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=CryptographicAlgorithms#EncryptionAndDecryption

SSL/TLS

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SSLTLS#Overview

SSO

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSign-On

LDAP

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page= LDAP