• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

auth-method and transport-gurantee

 
shan xiao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It seems to me that by specify <auth-method> you are telling the container how secure it should be when transmitting the login information. On the other hand, <transport-gurantee> specifies how should the container transfer the user data. Any relationship between these two?

for example, if i have <auth-method>BASIC</auth-method> and
<transport-gurantee>CONFIDENTIAL</transport-gurantee>, how to guarantee that the confidential login information will be transmitted securely using BASIC authentication?
 
Nathaniel Stoddard
Ranch Hand
Posts: 1258
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As I'm sure you know, authentication and confidentiality are two separate things. Whether you need your app users to authenticate themselves before using the application is one thing. Whether you need communication to be confidential is a completely different beast.

To answer your question though: to make sure that transmitted information is done securely, you'll want to use the transport-guarantee tag, regardless of the authentication method.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic