WebApp Sec mailing list archives
RE: Authentication/Access-control libraries
From: "TUER, DON" <don.tuer () cgi com>
Date: Wed, 3 Sep 2003 11:42:25 -0400
FYI: For ASP you could look to .NET forms authentication which will handle authentication for you. You can then use roles for authorization.

-----Original Message-----
From: cunningham.simon () btopenworld com [mailto:cunningham.simon () btopenworld com]
Sent: September 3, 2003 3:42 AM
To: n30_lists () hotmail com
Cc: security-basics () securityfocus com; secprog () securityfocus com; webappsec () securityfocus com
Subject: Re: Authentication/Access-control libraries

JAAS has been suggested, this offers useful functionality in the Java space but is unlikely to solve all your problems in the web tier, particularly as you mention ASP.

On the commercial front you should be looking at Netegrity SiteMinder, IBM Tivoli Access Manager and Oblix NetPoint. There are others but these are the market leaders (according to Gartner). All offer agents of some form that perform authentication and authorisation before access is granted to a URL thus saving you from having to put authentication and authorisation code in every page. They also offer mechanisms to do more granular authorisation inside your application should you want to.

There's much more to these products (flexible authentication schemes, policy based authorisation, SSO support, complementary identity management products, etc., etc.) but I'll spare you the sales pitch.

Hope that helps.

Simon

from: n30 <n30_lists () hotmail com>
date: Tue, 02 Sep 2003 17:05:31
to: security-basics () securityfocus com, secprog () securityfocus com, webappsec () securityfocus com
subject: Re: Authentication/Access-control libraries

Gurus,

Say I am a programmer designing an ecommerce site & wanting to write secure code. I have heard there are commercial & opensource secure libraries available out there that I can reuse for performing authentication and access control. Any links/pointers to them?? I am specifically looking for asp & java. But any language should be fine. I will get an insight into things.

Thanks in advance
-n