Web Application Security Part 2
Agenda
- Client certificate-based authentication
- Digest-based authentication
- Declarative authorization
- Programmatic authorization
- Programmatic authentication
Why Certificate-based Authentication?
- Username/password authentication cannot be used for program-to-program authentication
- Certificates may identify end-users, business organizations, servers, software entities
- Username/password pair might not provide enough credentials
- A certificate can contain much more than a username and password
Certificate-based Authentication
- Client authentication
  - Server verifies client's identity
- Server authentication
  - Client verifies server's identity
  - Occurs “transparently” in SSL-based browser and web server communication
- Mutual authentication
  - Both server and client verify each other's identity