Authentication and Authorization |
Authentication and authorization can be defined as follows:
Authorization depends on authentication. Before being able to provide or restrict access to certain data (authorization), the identity of the user has to be known and has to be verified (authentication). Authentication may use sophisticated technologies, like bankcard readers connected to a personal computer, or end-user pattern recognition devices that scan fingerprints or the iris of the human eye. In its simplest form, authentication validates users by their name and password, but this already gives rise to many issues. For instance, secure communication must be used if the password is sent through a network. Secure HTTP (HTTPS) provides a solution for communication between a web server and a browser. Moreover, the application may define requirements for the authentication process and the management of the password. Here are some typical examples of password management rules:
For all these requirements, USoft offers you a powerful solution, adaptable to the complexity of the requirements. The solution is straightforward to implement for simple requirements, but also flexible enough to implement most complex needs. |