Difference between revisions of "Security Concepts"

From NovaOrdis Knowledge Base
Jump to: navigation, search
(Security Protocols)
Line 1: Line 1:
 +
=Internal=
 +
 +
* [[OAuth 2.0 Concepts]]
 +
 
=Public Key Cryptography=
 
=Public Key Cryptography=
  

Revision as of 19:50, 17 May 2019

Internal

Public Key Cryptography

Public Key Cryptography, also known as asymmetrical cryptography

Authentication

Authentication is the process of identifying a subject and verifying the authenticity of the identification information.

The most common authentication mechanism is username/password. Other mechanisms are available: public key, shared key, smart cards, etc.

In the context of JEE declarative security, the result of a successful authentication is called a principal.

Related subjects: Basic and Digest HTTP Authentication.

Authorization

Authorization is the mechanism for granting or denying access to a resource based on identity.

In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred as a role.

Encryption

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=CryptographicAlgorithms#EncryptionAndDecryption

SSL/TLS

TLS

SSO

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSign-On

LDAP

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=LDAP

Security Protocols

Authentication Protocols

Authorization Delegation Protocols

Others