Authentication & authorization: Secure ID and user privileges

Authentication and authorization work together to prevent a multitude of application security attacks. While the basic concepts behind these two methods may be simple, the technology is not. There is a vast array of authentication and authorization techniques available. The articles, tips, definitions and expert advice in this learning guide will help you sort them out.

TABLE OF CONTENTS
   Authentication Basics
   Passwords
   Two-Factor & Multifactor Authentication
   Biometrics
   Single Sign-On
   Smart Cards
   Digital Certificates and PKI
   Authorization
   SAML
 

 

  Authentication Basics  

The authentication process used to consist of a username and password. Naturally, authentication technology has evolved with time. Now there are dozens of authentication methods, many of which overlap. Below are a few of the most common techniques.

 

  Passwords  

 

  Two-Factor & Multifactor Authentication  

 

  Biometrics  

 

  Single Sign-On  

  • Definition: single sign-on
  • White paper: Simplify your life – eliminate passwords
    Learn more about implementing IBM's recommended password elimination Single Sign-On architecture and simplify the task of mapping user accounts across multiple systems and servers for all the people in an organization.
  • White paper: Selecting an enterprise single sign-on solution
    In this white paper you'll learn about eight key factors for evaluating an enterprise single sign-on (ESSO) solution for your company, improved password management practices with ESSO, and integration options for ESSO and two-factor authentication.
  • Webcast: Strong authentication and enterprise single sign-on go hand in hand
    In recent years, enterprise single sign-on (ESSO) has emerged as an easy, smart, and affordable way for organizations of all types and sizes to strengthen IT security while supporting user productivity. Listen in to hear the findings of Jonathan Penn, principal analyst at Forrester Research. He'll discuss strong authentication options and the real-world experience of customers successfully implementing a combined enterprise single sign-on and strong authentication solution to further strengthen IT security.

 

  Smart Cards  

  • Definition: smart card
  • Article: Smart cards: A primer
    This article brings smart cards to life with a real-world example. The techniques presented here will allow you to start building Java applications that are smart-card enabled.
  • Web site: Federal smart card Web site
    This site helps educate the smart card community on smart card policy, standards and interoperability.
  • Web site: Card technology: The smart card news source
    Get news about smart cards and such related payment and identification technologies as biometrics, PKI, mobile commerce, physical access control and computer network security.
  • Guide: The secure access using smart cards planning guide
    Smart cards provide particularly effective security control in two scenarios: to secure administrator accounts and to secure remote access. This guide concentrates on these two scenarios as the priority areas in which to implement smart cards.

 

  Digital Certificates and PKI  

 

  Authorization  

Once a user has been authenticated, authorization dictates what that user is allowed to access. While authorization is often overshadowed by authentication, its importance should not be underestimated. An authenticated user can inflict terrible damage while armed with improper access privileges.

 

  SAML  



 

Send in your suggestions
Are there other topics you'd like to see learning guides on? Send assistant editor Jennette Mullaney an e-mail at jmullaney@techtarget.com and let her know what they are.

This was first published in August 2006
