Authentication Service

Bruce Gruenbaum:
The Authentication Service is responsible for authenticating a user when the session starts up. All it does is determine that the user is known to the system and that the user's credentials have been authenticated. In most applications, the Authentication Service is a façade that implements its authentication through an LDAP or other authentication service. The Authentication Service also provides the Connection Factory and other services with the credentials they need to authenticate the user of this session against other targets.

Thomas Mercer-Hursh:
Are non-humans, i.e., services, also authenticated, and how?
Does this return a token which is then used to indicate that the current session is authenticated?

Initial content adapted from an exchange on the PEG


Comments

alonb:
I'd be interested in a broader discussion on security. Authentication, code injections, logging, whatever.

Just a more general discussion regarding concepts, guidelines etc. and how authentication and any other service fits into it.


tamhas:
Sounds like a book ... I think to give us something useful to work on, we really have to break things down. E.g., the whole issue of web security probably has little to do with ABL code, except to be aware of issues like code injection. I.e., there is no component or service which needs to be created, but rather coding practice.

Note too that one of my goals with this project is to provide components which can be used individually or together, so they are not interdependent, just complementary and that they should be components whose actual use is tailored to the site. Thus, one site may use very scrupulous authentication at every stage while another might only authenticate a session once.