Sunday, August 30, 2020

Security in Web Application

In the world of information security, the terms Identification, Authentication, and Authorization play a significant role.


Identification

Identification is the process of claiming or presenting an identity. The main objective of identification is to bind a user to appropriate controls, based on the identity.

An identity can be any of the following:

  • Username
  • Process ID
  • Smart Card
  • Biometric scan, etc.


Authentication

Authentication is the process of verifying the identity of a user. To prove identity, a user must provide appropriate information (credentials). The information provided by a user to prove identity is highly confidential, and known only to the user and/or system.

There are several methods of authentication:

  • Using something you know: a password, personal identification number (PIN), etc.
  • Using something you own: a smart card, RSA token, etc.
  • Using physical characteristics: biometrics.

Authorization

After identification and authentication are completed, a user is granted authorization only if the identity has been proven.

Note: Authorization is not possible without identification and authentication.

Authorization is the process of defining the various resources a user needs, and the type of access to those resources.

In big organizations, users are divided into roles and groups to manage access.
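The three steps above, carried through in code as an added example that is not part of the original post: identification looks up the claimed identity, authentication verifies a credential against a salted password hash, and authorization consults a role-to-permission map. The users, passwords, roles and the "report" resource are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # slow hash so stolen hashes are expensive to crack


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "roles": roles}


# Constructed user store: identity -> salt, password hash, roles (hypothetical names).
USERS = {
    "alice": _make_user("correct horse battery staple", {"admin"}),
    "bob": _make_user("hunter2", {"reader"}),
}

# Authorization data: role -> resource -> allowed actions (role-based access control).
ROLE_PERMISSIONS = {
    "admin": {"report": {"read", "write", "delete"}},
    "reader": {"report": {"read"}},
}

# Used so an unknown username costs the same time as a known one (no username enumeration by timing).
_DUMMY_SALT = os.urandom(16)


def identify(username: str):
    """Identification: the caller claims an identity; return its record, or None if unknown."""
    return USERS.get(username)


def authenticate(username: str, password: str) -> bool:
    """Authentication: verify the credential presented for the claimed identity."""
    record = identify(username)
    if record is None:
        _hash_password(password, _DUMMY_SALT)  # same amount of work as the real path
        return False
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison so the response time does not leak hash bytes.
    return hmac.compare_digest(candidate, record["hash"])


def authorize(username: str, resource: str, action: str) -> bool:
    """Authorization: does any role of this (already authenticated) identity allow the action?"""
    record = identify(username)
    if record is None:
        return False
    return any(
        action in ROLE_PERMISSIONS.get(role, {}).get(resource, set())
        for role in record["roles"]
    )


def access(username: str, password: str, resource: str, action: str) -> str:
    """Full flow: identification -> authentication -> authorization.
    Authorization is never evaluated unless authentication succeeded."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, resource, action):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "report", "delete"))  # granted
    print(access("bob", "hunter2", "report", "delete"))  # denied: not authorized
```

Note that a failed login returns the same message whether the username or the password was wrong, and the dummy hash keeps the timing comparable, so an attacker probing the login form learns nothing about which identities exist.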



Web Authentication - Methods

The common web authentication methods are:

  • Cookie-based
  • Token-based
  • Third-party access (OAuth, API-token)
  • OpenID
  • SAML
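To make the first two methods in the list concrete, here is an added example (not code from the original post) contrasting a cookie-based session, where the browser holds only an opaque random session id and all state lives on the server, with a token-based scheme, where the token itself carries the claims and is protected by an HMAC so the server can verify it without a lookup. The key, usernames and lifetimes are constructed values.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# --- Cookie-based: server-side session store keyed by an unguessable id ---------
SESSIONS = {}  # session id -> {"user": ..., "expires": ...}


def create_session(username: str, ttl_seconds: int = 3600, now=None) -> str:
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 bits of randomness; this is what goes in the cookie
    SESSIONS[session_id] = {"user": username, "expires": now + ttl_seconds}
    return session_id


def user_from_session(session_id: str, now=None):
    now = time.time() if now is None else now
    record = SESSIONS.get(session_id)
    if record is None or record["expires"] < now:
        SESSIONS.pop(session_id, None)
        return None
    return record["user"]


def revoke_session(session_id: str) -> None:
    SESSIONS.pop(session_id, None)  # server-side state makes logout take effect immediately


# --- Token-based: claims travel inside the token, integrity-protected by HMAC ---
SERVER_KEY = secrets.token_bytes(32)  # constructed; in practice loaded from a secret store


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, ttl_seconds: int = 3600, now=None, key: bytes = SERVER_KEY) -> str:
    now = time.time() if now is None else now
    payload = json.dumps({"sub": username, "exp": now + ttl_seconds}, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def user_from_token(token: str, now=None, key: bytes = SERVER_KEY):
    """Return the subject of a valid, unexpired token, or None. No server-side lookup is needed,
    which also means a token cannot be revoked before it expires without extra state."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # tampered or forged: the claims were not signed by our key
        claims = json.loads(payload)
        if claims["exp"] < now:
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed token


if __name__ == "__main__":
    sid = create_session("bob")
    print(user_from_session(sid))  # bob
    tok = issue_token("bob")
    print(user_from_token(tok))  # bob
```

The trade-off is visible in the two lookups: the session store can revoke instantly but needs shared state across servers, while the signed token is stateless but stays valid until its expiry, so token lifetimes should be short and the signing key treated as a secret.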

        



        

                                                                                                                                         
      


