WebApp Sec mailing list archives
Re: Authentication/Access-control libraries
From: "jdk" <dwall () yozons com>
Date: Tue, 2 Sep 2003 13:52:30 -0700
JAAS certainly is the place to go if you are looking for a pluggable authentication/authorization scheme for Java. But if you are looking to authenticate parties who you do not otherwise know, Experian (and Equifax) offer credit-based authentication systems. These are definitely not open source. Experian info can be found at http://www.experian.com/products/authentication_services.html I'm particularly familiar with Experian and Equifax because we offer these credit-based authentication services through our Signed & Secured product which allows businesses to securely send and electronically sign contracts and other documents. While we use userid+password authentication, single sign-on via Oblix Netpoint and secret passwords shared by the sender/recipients, we also use Experian for those cases where the sender of a contract needs additional user authentication beyond just identifying them to our service. Anyway, credit based authentication may be of interest for certain needs in your application. David ----- Original Message ----- From: "Lapinski, Michael (Research)" <lapinski () crd ge com> To: "'n30'" <n30_lists () hotmail com>; <security-basics () securityfocus com>; <secprog () securityfocus com>; <webappsec () securityfocus com> Sent: Tuesday, September 02, 2003 12:47 PM Subject: RE: Authentication/Access-control libraries
For java, http://java.sun.com/products/jaas/ One question, wouldn't you first want to find out what your customer is using at the backend for authentication/authorization and then tailor the site your building to their infrastructure? -good luck -mtl -----Original Message----- From: n30 [mailto:n30_lists () hotmail com] Sent: Tuesday, September 02, 2003 12:06 PM To: security-basics () securityfocus com; secprog () securityfocus com; webappsec () securityfocus com Subject: Authentication/Access-control libraries Gurus, Say I am a programmer designing an ecommerce site & wanting to write
secure
code. I have heard there are commercial & opensource secure libraries available out there that i can reuse for performing authentication and access control. Any links/pointers to them?? I am specifically looking for asp & java. But any language should be fine.
I
will get an insight into things. Thanks in advance -n
Current thread:
- Authentication/Access-control libraries n30 (Sep 02)
- Re: Authentication/Access-control libraries George Capehart (Sep 03)
- <Possible follow-ups>
- RE: Authentication/Access-control libraries Lapinski, Michael (Research) (Sep 02)
- Re: Authentication/Access-control libraries jdk (Sep 02)
- Re: Authentication/Access-control libraries cunningham . simon (Sep 03)
- RE: Authentication/Access-control libraries TUER, DON (Sep 03)
- RE: Authentication/Access-control libraries Sasha Romanosky (Sep 25)