• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Does <auth-method> can have vendor-specific authentication scheme?

 
Maciek Mike
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Does <auth-method> can have vendor-specific authentication scheme? In one of my mock questions I found
this as the correct answer. Could someone please provide any example of vendor-specifiv authentication scheme?
Thanks in advance.
 
chandan kumar mitwaa
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maciek Mike wrote:Hi,

...In one of my mock questions I found this as the correct answer. Could someone please provide any example of vendor-specifiv authentication scheme?
Thanks in advance.



Please specify the source of the mock question. As such <auth-method> can take only one of the four values in DD.
 
Maciek Mike
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I found it in whizlabs
 
Chinmaya Chowdary
Ranch Hand
Posts: 434
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Maciek.

It is possible to include vendor-specific authentication. Suppose container/server uses BASIC authentication for the constrained resource. When a request comes to the constrained resource, container checks wether the resource is constrained or not? If it is constrained uses its BASIC authentication, which actually based on HTTP headers and sends response to the client with header like,
WWW-Authenticate: Basic realm="container/server related realm name"
Since we know Basic authentication uses Base64 encoding alogorithm. Then browser pop ups the window asking for username and password. When user enters it, then it encodes the username and password with base64 algorithm and sends the encoded values to the container through HTTP headers. Then server decodes them and gets the actual username and passwords and goes to another step autherization.

The above procedure shows the way to use 'vendor-specific authentication'(I am guessing this). Suppose if the vendor wants to use 'Symmetric key crytographic techniques' for the encryption and decryption. And if they made an algorithm based upon this cryptography and wants to use this type in authentication through HTTP headers. Then vendor provides authentication method like .

When a request comes to the constrained resouce, then it uses this authentication method and provides the response to the client with header like,
WWW-Authenticate: Symmetric realm="container/server related realm name"
. Then browser has to know how to deal with this type of authentication header. To deal with this type of header, it must have symmetric key crypthographic software installed in it as the container included. When user enters username and password encrypts it with this cryptograhic techniques and sends the request to the client. Then container decrypts it and moves to the next step 'autherization'.

It is even possible to use different protocol, like not using HTTP. More information, see this.
 
Maciek Mike
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks very much for your great answer
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic