Security Concepts: Difference between revisions
| Line 1: | Line 1: | ||
=Public Key Cryptography= | =Public Key Cryptography= | ||
Public Key Cryptography, also known as ''asymmetrical cryptography'' | |||
=Authentication= | =Authentication= | ||
Revision as of 23:30, 9 November 2017
Public Key Cryptography
Public Key Cryptography, also known as asymmetrical cryptography
Authentication
Authentication is the process of identifying a subject and verifying the authenticity of the identification information.
The most common authentication mechanism is username/password. Other mechanisms are available: public key, shared key, smart cards, etc.
In the context of JEE declarative security, the result of a successful authentication is called a principal.
Related subjects: Basic and Digest HTTP Authentication.
Authorization
Authorization is the mechanism for granting or denying access to a resource based on identity.
In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred as a role.
Encryption
TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=CryptographicAlgorithms#EncryptionAndDecryption
SSL/TLS
SSO
TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSign-On
LDAP
TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=LDAP