Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security

 
deepa raj
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which security mechanisms always operate independently of the transport layer?

Ans: Authorization

Explanation Given :

"Authorization operates completely within the container once authentication has occurred. Authentication can affect the transport layer based on how the <auth-method> element is set."

what does it mean "operate independently of the transport layer" ?

please explain how it is.
 
deepa raj
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anybody please help me to understand this query
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The transport layer for web apps means HTTP/HTTPS.
It means that all the authorization functionality works independently of the way you have accessed the application. In the context of web apps specifically, there's nothing HTTP/HTTPS-specific about authorization. That's different from authentication, where (e.g.) Basic authentication or client-cert authentication are wedded closely to HTTP.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic