Authentication
When talking about authentication on the web, the key decision to make is whether to use single site authentication or Single Sign-On (SSO) authentication. Single site authentication is a way to authenticate a user to a single site. With SSO, however, once you log on to one site, other sites, such as partner sites, will automatically recognize you. An Acsys specialist can guide you through the selection process and help you identify the best authentication method for your requirements, leveraging one or more of the solutions available.
Authentication interfaces
Acsys's experience with authentication includes many popular techniques:
- CAPTCHA
While not true authentication, CAPTCHAs (short for Completely Automated Public Turing test to tell Computers and Humans Apart) are primarily used to keep spam bots from filling out forms. They are typically a series of letters and numbers distorted so that a computer cannot recognize them.
- Basic Authentication/Digest Authentication
Basic and Digest authentication mechanisms present the user with a browser-generated input box ("gray box") requesting a name and password. Both Basic and Digest authentication are easily implemented; however, they are eschewed in favor of more esthetically pleasing solutions.
- Forms Authentication
Forms authentication is the most common type of single site authentication, and is the most flexible in terms of user experience, security and ease of implementation.
- Other methods
Windows CardSpace is one of the newer methods of requesting authentication from a user. A site will request a token, which will force the browser to display the various "Information Cards" the user has on his system. The user must then choose the one to submit to the requesting site. This makes for a quick process, where a user can authenticate or even register for a site with a few clicks. However, the CardSpace interface is controlled by Windows, which means only Windows Vista and Windows 7 are guaranteed to have it pre-installed, with downloadable installations available for XP and Server 2003. This prevents Mac, mobile or *nix users from authenticating this way.
SSO
Single Sign-On typically presents larger architectural requirements, and involves multiple systems talking to each other. Acsys has a wealth of experience solving these problems with technologies such as:
- SAML
Security Assertion Markup Language (SAML) is the XML-based protocol for handling authentication and authorization between disparate applications. SAML relies on two parties working together: the identity provider and (one or more) service providers. SAML is inherently platform independent and meant to support seamless, transparent cross-site SSO.
- LDAP
The Lightweight Directory Access Protocol (LDAP) is a technology most often used in sites to connect to Active Directory repositories. This allows a person who is already logged into a domain to be transparently authenticated to a site which uses that Active Directory. This tends to be used most often in intranets, where there is an existing Active Directory which can be leveraged.
- Others
Other technologies such as OpenID, which are not technically SSO but rather a shared authentication scheme similar to a web-based CardSpace, may fit the needs of certain types of sites.
No matter what the size of your project, Acsys can help solve your authentication puzzle, providing you and your customers with a secure environment.