Widely used ways of authenticating a user?

 
Kelly Powell
Ranch Hand
Posts: 56
Can you give me a list of valid or widely used ways of authenticating a user in a web service aside from the items listed below? I am asking this because I have to provide a way to validate the users on my web service to check if they have the right to access it. I would like to know which of the existing ways to validate a user is the most acceptable and secure.

Some user authentication that's running through my mind:
1. Username and password. To use a web service, the user must provide his user name and password to the web service. If his user name and password are valid, he will be allowed to use the web service.
2. IP address. Only users from certain IP addresses are allowed to access the web service.
3. MAC address. Only users from certain computers are allowed to access the web service.

It would be nice if you could also comment on my list, for example if they're not the suggested way of user authentication.
 
Kelly Powell
Ranch Hand
Posts: 56
After much searching, it seems that the username and password is the most common way of authentication. I used Apache Rampart's UsernameToken to implement this.
 
Dan Drillich
Ranch Hand
Posts: 1183
Right, that's exactly what the industry is trying to go away from, but it's tough...

Regards,
Dan
 
Ulf Dittmer
Rancher
Posts: 42970
Dan Drillich wrote: that's exactly what the industry is trying to go away from

Could you elaborate on why you think so?
 
Dan Drillich
Ranch Hand
Posts: 1183
Kelly, we recently had a discussion about authentication at SAML in java.

Ulf, The Disadvantages of Password Authentication Protocol describes the motives to go away from this protocol.

Regards,
Dan
 
Ulf Dittmer
Rancher
Posts: 42970
Umm, ehow.com? The first two paragraphs don't really apply to machine-to-machine communication, rendering the 3rd paragraph -which builds on the first two- rather pointless. And the proposed solution -biometrics- obviously does not apply in this scenario.
 
Dan Drillich
Ranch Hand
Posts: 1183
Thank you, Ulf, but it looks like authenticating a company on the web these days is done primarily via SSL; it's just that client SSL didn't catch up. Using RSA tokens for user authentication seems to be on the rise, as we can see at Banks mull the attack on RSA tokens.

Regards,
Dan
 
Kelly Powell
Ranch Hand
Posts: 56
Thanks for the link, Dan! I am not familiar with SAML and haven't tried using it before but I will research it. I'm already using HTTPS. Problem is I also have to authorize the user. That is why I also have to get their username and password to check for their roles.
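
The UsernameToken check mentioned earlier in the thread, followed by the role lookup from the last post, as an added example that is not part of the thread and not Rampart's own code. It verifies the PasswordDigest form defined by the WS-Security UsernameToken Profile using only the JDK; the class name, user store, role names and five-minute freshness window are assumptions, and all sample values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class UsernameTokenCheck { // hypothetical class name
    // Constructed sample user store. Digest mode needs the server to know the clear password.
    static final Map<String, String> PASSWORDS = Map.of("kelly", "correct horse");
    static final Map<String, Set<String>> ROLES = Map.of("kelly", Set.of("reports:read"));
    static final Duration MAX_AGE = Duration.ofMinutes(5); // assumed freshness window
    // Nonces already accepted; a real cache would expire entries older than MAX_AGE.
    static final Set<String> SEEN = ConcurrentHashMap.newKeySet();

    // PasswordDigest = Base64(SHA-1(decoded nonce + created + password)), as the profile defines.
    static String digest(String nonceB64, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Returns the caller's roles, or an empty set when the token is rejected.
    // A malformed nonce or timestamp throws; the caller must treat that as a rejection too.
    static Set<String> authenticate(String user, String digestB64, String nonceB64,
                                    String created, Instant now) throws Exception {
        String password = PASSWORDS.get(user);
        if (password == null) return Set.of();                        // unknown user
        Duration age = Duration.between(Instant.parse(created), now).abs();
        if (age.compareTo(MAX_AGE) > 0) return Set.of();              // stale or future-dated
        byte[] expected = digest(nonceB64, created, password).getBytes(StandardCharsets.UTF_8);
        byte[] got = digestB64.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, got)) return Set.of();   // constant-time compare
        if (!SEEN.add(user + ":" + nonceB64)) return Set.of();        // replayed token
        return ROLES.getOrDefault(user, Set.of());
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.parse("2011-06-01T12:00:00Z");         // constructed clock value
        byte[] rawNonce = "constructed-nonce".getBytes(StandardCharsets.UTF_8);
        String nonce = Base64.getEncoder().encodeToString(rawNonce);
        String created = "2011-06-01T11:59:30Z";
        String d = digest(nonce, created, "correct horse");
        System.out.println(authenticate("kelly", d, nonce, created, now));                   // first use
        System.out.println(authenticate("kelly", d, nonce, created, now));                   // same token again
        System.out.println(authenticate("kelly", d, nonce, created, now.plusSeconds(3600))); // an hour later
    }
}
```

The digest only keeps the password itself off the wire; the token and the rest of the message still need the HTTPS transport mentioned in the last post, or message-level signing, to stop tampering and interception.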
 