Authentication
From MapbenderWiki
From Wikipedia, the free encyclopedia
Authentication (Greek: αυθεντικός, from 'authentes'='author') is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. Authentication of an object may mean confirming its provenance. Authentication of a person often consists of verifying their identity.
In computer security, authentication is the process of attempting to verify the identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program.
In a web of trust, "authentication" is a way to ensure users are who they say they are: that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.
To distinguish authentication from the closely related term authorization, the shorthand notations A1 (authentication) and A2 (authorization) are occasionally used.
Implementation in Mapbender
The trunk version of Mapbender contains code to use simple HTTP authentication.
Mapbender authenticates users by their name in combination with a password. Both are sent to a server-side script, which checks the name and password against the user database (mb_user.name and mb_user.password). If the name and password are correct (meaning that this combination could be verified in the database), a session ID is generated. This session ID is valid until the user explicitly destroys it (by logging off) or it times out.
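The login and session lifecycle described above, as an added Python sketch; it is not Mapbender's own code. The salted PBKDF2 storage format, the 30-minute idle timeout, the in-memory session store and all function names are assumptions; only the mb_user table and its name and password columns come from this page.

```python
import hashlib, hmac, secrets, sqlite3, time

SESSION_TIMEOUT = 1800  # seconds; assumed value, the page gives none

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE mb_user (name TEXT PRIMARY KEY, salt BLOB, password BLOB)")
sessions = {}  # session ID -> (user name, time of last request)

def _hash(password, salt):
    # Assumed storage format: salted PBKDF2-HMAC-SHA256
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO mb_user VALUES (?, ?, ?)",
               (name, salt, _hash(password, salt)))

def login(name, password, now=None):
    """Return a new session ID, or None if name and password do not verify."""
    now = time.time() if now is None else now
    # Parameterized query: the submitted name never becomes part of the SQL text
    row = db.execute("SELECT salt, password FROM mb_user WHERE name = ?",
                     (name,)).fetchone()
    # Hash even for unknown names so response time does not reveal valid users
    salt, stored = row if row else (b"\0" * 16, b"")
    ok = hmac.compare_digest(_hash(password, salt), stored)  # constant-time
    if row is None or not ok:
        return None
    sid = secrets.token_urlsafe(32)  # unguessable ID from the OS CSPRNG
    sessions[sid] = (name, now)
    return sid

def current_user(sid, now=None):
    """Return the user behind a live session ID; expire it after the timeout."""
    now = time.time() if now is None else now
    entry = sessions.get(sid)
    if entry is None:
        return None
    name, last_seen = entry
    if now - last_seen > SESSION_TIMEOUT:
        del sessions[sid]  # timed out: the ID is no longer valid
        return None
    sessions[sid] = (name, now)  # each request restarts the idle timer
    return name

def logout(sid):
    sessions.pop(sid, None)  # explicit destroy by the user

add_user("alice", "correct horse")  # constructed sample account
```

A failed login returns the same result for an unknown name and for a wrong password, so the response does not tell a caller which of the two was incorrect.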
Every request that is sent by the client passes through the Authorization module. This ensures that the user can only access services and functionality for which permission has been granted. Read more about how to secure your system using the Mapbender Security Proxy.
Future Development
Currently there is one user authentication mechanism implemented in Mapbender. Many installations need to stick with existing authentication services, but authorization is always implemented by Mapbender. Therefore Mapbender must be able to integrate other authentication services. This can be done in many different ways and can be implemented by any professional service provider. OpenID could be a technology that makes this integration a lot easier. If there is interest in implementing this in Mapbender, please let the Mailing Lists know. There is a comprehensive and readable implementation of OpenID on Google Code.
