Authorization and authentication
Despite its name, the action of USoft Authorizer is not limited to implementing authorization rules. Rather, its action is a combination of authorization and authentication:
•Authorization is the process of specifying, restricting, and checking data access rights of users on tables and logical views.
•Authentication is the process of validating the credentials (usually, a username/password combination) of the user logging on to an application.
Authorization depends on authentication. Before access to certain data can be allowed or restricted (authorization), the identity of the user has to be known and has to be verified (authentication).
Authentication may use sophisticated technologies, like bankcard readers connected to a personal computer, or end-user pattern recognition devices that scan voice characteristics, fingerprints or the iris of the human eye. In its simplest form, authentication validates users by their name and password, but this already gives rise to many issues. For instance, secure communication must be used if the password is sent through a network. Secure HTTP (HTTPS) provides a solution for communication between a web server and a browser. Moreover, the application may define requirements for the authentication process and the management of the password. Here are some typical examples of password management rules:
•Users must be allowed to change their own password.
•Password may expire after some adjustable period of time.
•Password should never be retrievable.
•A new password should be different from a previous one.
For all these requirements, USoft offers you a powerful solution, adaptable to the complexity of the requirements. The solution is straightforward to implement for simple requirements, but also flexible enough to implement more complex needs.