Difference between revisions of "Security Concepts"

From NovaOrdis Knowledge Base

Latest revision as of 19:54, 17 May 2019

Internal

Public Key Cryptography

Public key cryptography is also known as asymmetric cryptography.

Authentication

Authentication is the process of identifying a subject and verifying the authenticity of the identification information.

The most common authentication mechanism is username/password. Other mechanisms are available: public key, shared key, smart cards, etc.

In the context of JEE declarative security, the result of a successful authentication is called a principal.

Related subjects: Basic and Digest HTTP Authentication.

Authorization

Authorization is the mechanism for granting or denying access to a resource based on identity.

In JEE, this is usually implemented by matching a principal with a set of actions they are or are not allowed to perform. This mapping is referred to as a role.

Encryption

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=CryptographicAlgorithms#EncryptionAndDecryption

SSL/TLS

TLS

SSO

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=SingleSign-On

LDAP

TODO https://home.feodorov.com:9443/wiki/Wiki.jsp?page=LDAP

Security Protocols

Authentication Protocols

Authorization Delegation Protocols

Others

To Process

Identity Federation and Single Sign-On are related concepts.

Single Sign-On (SSO) systems allow a single user authentication process across multiple IT systems and organizations. SSO is a subset of federated identity management, as it relates only to authentication and technical interoperability.

A user's presence in the system means that the user's identity is associated with the thread that is processing the user's request; in a way, it is the user that "drives" the thread. The identity is associated with the thread in the form of a security context.
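The following is an added example, not code from this wiki or from any JEE container, that ties together the Authentication and Authorization definitions above with the notion of a per-thread security context. It assumes a constructed in-memory user store (`USER_STORE`, users `alice` and `bob`) and a constructed role-to-action mapping (`ROLE_ACTIONS`); a `threading.local` stands in for the container-managed security context. Successful username/password authentication yields a principal, the principal is attached to the calling thread, and the authorization check is default-deny: no principal present on the thread, or no role granting the action, means access is refused.

```python
import hashlib
import hmac
import os
import threading
from dataclasses import dataclass


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _make_user(password: str, roles: set) -> tuple:
    salt = os.urandom(16)
    return salt, _hash(password, salt), frozenset(roles)


# Constructed example data: username -> (salt, password hash, roles).
# A real deployment keeps this in a directory (e.g. LDAP) or database.
USER_STORE = {
    "alice": _make_user("correct horse", {"editor"}),
    "bob": _make_user("battery staple", {"reader"}),
}

# Constructed role -> permitted actions mapping (the JEE "role" idea).
ROLE_ACTIONS = {
    "reader": frozenset({"read"}),
    "editor": frozenset({"read", "write"}),
}


@dataclass(frozen=True)
class Principal:
    """The result of a successful authentication."""
    name: str
    roles: frozenset


# Thread-local security context: the identity that "drives" this thread.
_context = threading.local()


def current_principal():
    """Return the principal present on the calling thread, or None."""
    return getattr(_context, "principal", None)


def authenticate(username: str, password: str):
    """Username/password authentication.

    On success the resulting principal is associated with the calling
    thread's security context and returned; on failure None is returned.
    """
    record = USER_STORE.get(username)
    if record is None:
        # Hash anyway so unknown and known usernames take similar time.
        _hash(password, b"\x00" * 16)
        return None
    salt, stored_hash, roles = record
    if not hmac.compare_digest(_hash(password, salt), stored_hash):
        return None
    principal = Principal(username, roles)
    _context.principal = principal
    return principal


def logout() -> None:
    """Remove the identity from the thread: the user is no longer present."""
    _context.principal = None


def is_authorized(action: str) -> bool:
    """Default deny: grant only if a present principal has a role allowing the action."""
    principal = current_principal()
    if principal is None:
        return False
    return any(action in ROLE_ACTIONS.get(role, frozenset()) for role in principal.roles)


def principal_on_new_thread():
    """Show the context is per thread: a freshly spawned thread sees no principal."""
    seen = {}
    worker = threading.Thread(target=lambda: seen.setdefault("p", current_principal()))
    worker.start()
    worker.join()
    return seen["p"]


if __name__ == "__main__":
    print(authenticate("alice", "wrong"))         # None: bad password, nobody present
    print(authenticate("alice", "correct horse"))  # Principal for alice on this thread
    print(is_authorized("write"))                  # True via the editor role
    print(principal_on_new_thread())               # None: other threads are not driven by alice
    logout()
    print(is_authorized("read"))                   # False once alice is no longer present
```

The check reads the identity from the thread rather than from a parameter, which is the point of the "presence" notion: whatever code runs on that thread after authentication is treated as acting for that principal, and a thread that never authenticated gets nothing.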

Authentication. The whole point of an authentication protocol is to tell whether the user is present in the system.

Identity Provider (IdP) and Relying Party (RP).

Authentication protocols, single sign-on, SAML.

Authorization.