Friday, January 23, 2004

Authentication

HTTP Authentication is needed to secure web resources, including directories, files and services such as CGI programs, servlets and web services. The following list of authentication types is the most common and is supported by a wide variety of servers and clients.

  • Anonymous
    No challenge to http resources.
  • Basic
    Sends the password in the http header unencrypted. Supported by most servers, clients and browsers.
  • Digest
    Similar to Basic, but sends the password encrypted, so it is more secure. Supported by Apache with a module and by IIS natively.
  • Forms
    A session id based on identity is kept in a Cookie and passed in the http header. Cookies are specific to the browser instance. IIS also provides a framework for implementing this.
  • Passport
    Microsoft's centralized single sign-on solution. Native support in IIS/Windows 2003; browser support is not limited to IE.
  • Kerberos
    A network authentication protocol; implementations are available free from MIT and commercially from many vendors, including Microsoft IIS. While the MS implementation in Windows 2000 does use Windows user accounts, it is not specific to IE.
  • NTLM
    A Windows Integrated authentication similar to Kerberos, but for prior versions of Windows.
  • Certificates (X.509)
    The client maintains a digital certificate. "Digital certificates are, in essence, electronic ID cards that are issued by trusted parties and enable a user to verify both the sender and the recipient of the certificate through the use of public-key cryptography." Both IBM's Tivoli and IIS support certificates. Not all clients and browsers support certificates because a client install is required.
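To make concrete what the Basic and Digest entries above mean on the wire, here is an added example (not code from the original post): it builds the Authorization header value each scheme sends and shows that a Basic header is merely base64-encoded, so the password is recoverable by anything that sees it, whereas a Digest client sends only a hash, which the server verifies by recomputing from the stored password. The sample user name and password for Basic are constructed here; the Digest values are the published test vector from RFC 2617 section 3.5.

```python
import base64
import hashlib
import hmac


def basic_header(user, password):
    """Authorization header value a client sends for Basic authentication."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def basic_credentials(header):
    """Anything that sees the header (proxy, log, sniffer) recovers the password."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text):
    # MD5 is the algorithm RFC 2617 specifies for Digest; it is not a choice here.
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client-side Digest 'response' for qop=auth; only hashes leave the client."""
    ha1 = _md5(f"{user}:{realm}:{password}")      # secret material, hashed once
    ha2 = _md5(f"{method}:{uri}")                   # binds the hash to this request
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_verify(expected_password, presented_response, **params):
    """Server-side check: recompute with the stored password, compare in constant time."""
    expected = digest_response(password=expected_password, **params)
    return hmac.compare_digest(expected, presented_response)


# Published RFC 2617 section 3.5 example (user Mufasa, password "Circle Of Life").
RFC2617_PARAMS = dict(
    user="Mufasa", realm="testrealm@host.com", method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", nc="00000001", cnonce="0a4f113b",
)
RFC2617_RESPONSE = "6629fae49393a05397450978507c4ef1"


if __name__ == "__main__":
    hdr = basic_header("alice", "s3cret")           # constructed sample credentials
    print(hdr, "->", basic_credentials(hdr))        # password comes straight back
    print(digest_response(password="Circle Of Life", **RFC2617_PARAMS) == RFC2617_RESPONSE)
```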

What this means to the enterprise

Since proprietary SSO products are typically based exclusively on Forms-style authentication, the authentication is strongly encrypted, but we are limited to clients that support it. Also, the session is limited to a single client session: if you start up another session you will be forced to log in again. I believe that we should continue to support Basic authentication in 8.1, and moving forward we should support the emerging standards, such as X.509 and Kerberos.

References

  • http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/netdevanchor.asp
  • http://as400bks.rochester.ibm.com/tividd/td/TWS/SC32-1265-00/en_US/HTML/Eqqc1mst72.htm
  • http://web.mit.edu/kerberos/www/
  • http://support.microsoft.com/?id=264921

Friday, January 9, 2004

Microsoft SharePoint

Windows SharePoint Services
WSS is a server portal component included in Windows Server 2003 for creating a workgroup collaboration site. It includes document upload, indexing and searching. It also includes Alerts, which are triggered when a document or document area has been changed.

Why develop on WSS?
  • Web Parts. Microsoft put a modular user interface into every SharePoint site, and it uses the full power of ASP.NET and Visual Studio .NET. Web Parts are created from within Visual Studio and have strong integration with Web Services.
  • Sites as Programmable Objects. SharePoint sites, their contents, and the servers that deliver them are accessible, manipulable, and extensible via a managed code API and a set of Web Services. You can even package them up as Templates to deploy reusable solutions.
  • An accessible, extensible content store for documents and other data. You can reach the contents of a SharePoint site via Web Services, WebDAV, or the Windows XP Web Client service. Office applications read from and write to SharePoint sites.

SharePoint Portal Server 2003
SPS is an enterprise portal server which can tie together individual SharePoint sites. This is a separate product.

Why develop on SPS?
  • It's based on Windows SharePoint Services. If it works in a SharePoint site, it'll probably work in a MySite, an area or a portal home page.
  • Extensible services for indexing and search, people and personalization, and content aggregation/organization.
  • Enterprise Application Integration features, particularly in the areas of Single Sign-On and BizTalk Server interoperability.

InfoPath Integration
InfoPath, a new Web Services forms product in Office 2003, is tightly integrated with SharePoint. It allows saving forms to, and launching forms from, a SharePoint forms library. Also, form data with repeating complex elements that is saved to a SharePoint library can be automatically aggregated into a single form. For instance, travel expenses from a department can be merged into a single InfoPath form.

What this means to the enterprise
SharePoint integration is one of the most frequently requested features from enterprise clients. I believe these are larger clients that have software from other vendors in addition to enterprise applications. One thought is that the enterprise portal could run in a SharePoint instance. Or perhaps integration could be reached using specific Web Parts created for forms and drill, calling enterprise Web Services. While this would be a platform-specific implementation, it could be a strong product offering for the enterprise.

References