Authentication and Authorization

Authentication and authorization can be defined as follows:

· Authentication is the process of validating the credentials of the user logging on to an application. Usually, these credentials are a user name and a password.

· Authorization is the process of specifying, restricting, and checking data access rights of users on tables and logical views.

Authorization depends on authentication. Before being able to provide or restrict access to certain data (authorization), the identity of the user has to be known and has to be verified (authentication).

Authentication may use sophisticated technologies, like bankcard readers connected to a personal computer, or end-user pattern recognition devices that scan fingerprints or the iris of the human eye. In its simplest form, authentication validates users by their name and password, but this already gives rise to many issues. For instance, secure communication must be used if the password is sent through a network. Secure HTTP (HTTPS) provides a solution for communication between a web server and a browser. Moreover, the application may define requirements for the authentication process and the management of the password. Here are some typical examples of password management rules:

· Users must be allowed to change their own password.

· Passwords may expire after some adjustable period of time.

· Passwords should never be retrievable.

· A new password should be different from a previous one.

For all these requirements, USoft offers you a powerful solution, adaptable to the complexity of the requirements. The solution is straightforward to implement for simple requirements, but also flexible enough to meet the most complex needs.
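The password management rules listed above can be satisfied together by storing only salted one-way hashes, which also makes the "different from a previous one" check possible without keeping any password in readable form. The following Python sketch is an added illustration, not USoft code or a USoft API; the Account class, the 90-day period, the history depth and the PBKDF2 parameters are all assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time

MAX_AGE_SECONDS = 90 * 24 * 3600   # assumed value for the adjustable expiry period
HISTORY_KEPT = 2                   # current password plus one previous (assumption)
ITERATIONS = 600_000               # assumed PBKDF2 work factor

def _derive(password, salt):
    # One-way derivation: the stored digest cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _matches(password, entry):
    salt, digest = entry
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt), digest)

class Account:
    """Hypothetical account record holding only (salt, digest) pairs."""

    def __init__(self, password, now=None):
        self.history = []          # newest entry last
        self._store(password, now)

    def _store(self, password, now):
        salt = os.urandom(16)      # fresh salt for every stored password
        self.history.append((salt, _derive(password, salt)))
        self.history = self.history[-HISTORY_KEPT:]
        self.changed_at = time.time() if now is None else now

    def authenticate(self, password, now=None):
        now = time.time() if now is None else now
        if not _matches(password, self.history[-1]):
            return "denied"
        if now - self.changed_at > MAX_AGE_SECONDS:
            return "expired"       # credentials are valid, but a change is required
        return "ok"

    def change_password(self, old, new, now=None):
        # Users change their own password by proving knowledge of the current one.
        if not _matches(old, self.history[-1]):
            return False
        # Reuse check: re-derive the candidate under each stored salt.
        if any(_matches(new, entry) for entry in self.history):
            return False
        self._store(new, now)
        return True
```

Because each stored entry has its own salt, the reuse check has to re-derive the candidate once per history entry; comparing digests directly across entries would never match.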