Authentication - Method / Protocol

> Software Security > (Authentication|Access control|Identification) - AuthN

1 - About

The authentication methods / construct / protocol validates the identity of a user (ie validates who you are).

The method is implemented by a (identify|authentication) provider.

Advertising

3 - Method

3.1 - Username / Password

In the traditional client-server authentication model, the third-party application requests an access-restricted resource (protected resource) on the server by authenticating with the server using the resource owner's credentials (generally a username/password). The resource owner shares then its credentials with the third party app.

The cleartext protocols should be used together with HTTPS to encrypt the credentials in transit.

3.2 - Identity assertion

An Identity assertion Authentication use as credentials:

Identity Assertion may be exchanged with the help of the Security Assertion Markup Language (SAML)

Advertising

3.3 - Others

4 - Strong

Strong authentication are generally based on identity assertion

security/auth/method.txt · Last modified: 2019/05/07 15:48 by gerardnico