WebApp Sec mailing list archives

RE: Authentication/Access-control libraries


From: "TUER, DON" <don.tuer () cgi com>
Date: Wed, 3 Sep 2003 11:42:25 -0400

FYI: For ASP you could look to .NET forms authentication which will handle
authentication for you. You can then use roles for authorization. 



-----Original Message-----
From: cunningham.simon () btopenworld com
[mailto:cunningham.simon () btopenworld com] 
Sent: September 3, 2003 3:42 AM
To: n30_lists () hotmail com
Cc: security-basics () securityfocus com; secprog () securityfocus com;
webappsec () securityfocus com
Subject: Re: Authentication/Access-control libraries

JAAS has been suggested, this offers useful functionality in the Java space
but is unlikely to solve all your problems in the web tier, particularly as
you mention ASP.

On the commercial front you should be looking at Netegrity SiteMinder, IBM
Tivoli Access Manager and Oblix NetPoint.  There are others but these are
the market leaders (according to Gartner).  All offer agents of some form
that perform authentication and authorisation before access is granted to a
URL thus saving you from having to put authentication and authorisation code
in every page.  They also offer mechanisms to do more granular authorisation
inside your application should you want to.

There's much more to these products (flexible authentication schemes, policy
based authorisation, SSO support, complementary identity management
products, etc., etc.) but I'll spare you the sales pitch.

Hope that helps.

Simon

 from:    n30 <n30_lists () hotmail com>
 date:    Tue, 02 Sep 2003 17:05:31
 to:      security-basics () securityfocus com, secprog () securityfocus com,
webappsec () securityfocus com
 subject: Re: Authentication/Access-control libraries

Gurus,

Say I am a programmer designing an ecommerce site & wanting to write secure
code. I have heard there are commercial & open-source secure libraries
available out there that I can reuse for performing authentication and
access control.

Any links/pointers to them??

I am specifically looking for ASP & Java. But any language should be fine. I
will get an insight into things.

Thanks in advance
-n







