Widely used ways of authenticating a user?

 
Ranch Hand
Posts: 56
Can you give me a list of valid or widely used ways of authenticating a user in a web service aside from the items listed below? I am asking this because I have to provide a way to validate the users on my web service to check if they have the right to access it. I would like to know which of the existing ways to validate a user is the most acceptable and secure.

Some user authentication that's running through my mind:
1. Username and password. To use a web service, the user must provide his user name and password to the web service. If his user name and password are valid, he will be allowed to use the web service.
2. IP address. Only users from certain IP addresses are allowed to access the web service.
3. MAC address. Only users from certain computers are allowed to access the web service.

It would be nice if you could also comment on my list. Like if they're not the suggested way of user authentication.
 
Kelly Powell
Ranch Hand
Posts: 56
After much searching, it seems that the username and password is the most common way of authentication. I used Apache Rampart's UsernameToken to implement this.
 
Ranch Hand
Posts: 1183
Right, that's exactly what the industry is trying to go away from, but it's tough...

Regards,
Dan
 
Rancher
Posts: 43081

Dan Drillich wrote: that's exactly what the industry is trying to go away from


Could you elaborate on why you think so?
 
Dan Drillich
Ranch Hand
Posts: 1183
Kelly, we recently had a discussion about authentication at SAML in java.

Ulf, The Disadvantages of Password Authentication Protocol describes the motives to go away from this protocol.

Regards,
Dan
 
Ulf Dittmer
Rancher
Posts: 43081
Umm, ehow.com? The first two paragraphs don't really apply to machine-to-machine communication, rendering the 3rd paragraph -which builds on the first two- rather pointless. And the proposed solution -biometrics- obviously does not apply in this scenario.
 
Dan Drillich
Ranch Hand
Posts: 1183
Thank you Ulf, but looks like authenticating a company on the web these days is done primarily via SSL, it's just that client SSL didn't catch up. Using RSA tokens for user authentication seems to be on the rise as we can see at Banks mull the attack on RSA tokens.

Regards,
Dan
 
Kelly Powell
Ranch Hand
Posts: 56
Thanks for the link, Dan! I am not familiar with SAML and haven't tried using it before but I will research it. I'm already using HTTPS. Problem is I also have to authorize the user. That is why I also have to get their username and password to check for their roles.
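
As an added illustration (not code from this thread or from Apache Rampart), this is what checking a WS-Security UsernameToken in PasswordDigest form and then looking up the caller's roles involves, in plain Java. The class name, user store, role names and five-minute freshness window are assumptions made up for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class UsernameTokenCheck {
    // Constructed sample data; a real service would query its own user store.
    static final Map<String, String> PASSWORDS = Map.of("kelly", "s3cret-sample");
    static final Map<String, Set<String>> ROLES = Map.of("kelly", Set.of("reports:read"));
    static final Duration MAX_AGE = Duration.ofMinutes(5);               // assumed window
    static final Set<String> SEEN_NONCES = ConcurrentHashMap.newKeySet(); // replay cache

    // PasswordDigest = Base64(SHA-1(nonce bytes + Created + password)), per the UsernameToken profile.
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Returns the caller's roles when the token is fresh, unseen and correct; otherwise an empty set.
    static Set<String> authenticate(String user, String nonceB64, String created,
                                    String digestB64, Instant now) throws Exception {
        String password = PASSWORDS.get(user);
        if (password == null) return Set.of();
        byte[] nonce;
        try {
            nonce = Base64.getDecoder().decode(nonceB64);
            if (Duration.between(Instant.parse(created), now).abs().compareTo(MAX_AGE) > 0) return Set.of();
        } catch (RuntimeException e) { return Set.of(); }              // malformed nonce or timestamp
        byte[] expected = digest(nonce, created, password).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, digestB64.getBytes(StandardCharsets.US_ASCII))) return Set.of();
        if (!SEEN_NONCES.add(user + ":" + nonceB64)) return Set.of();  // same token presented twice
        return ROLES.getOrDefault(user, Set.of());                     // authorization input
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.parse("2024-01-01T12:00:00Z");           // constructed clock value
        String created = "2024-01-01T11:59:30Z";
        byte[] nonce = "constructed-nonce".getBytes(StandardCharsets.UTF_8);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String d = digest(nonce, created, "s3cret-sample");
        System.out.println(authenticate("kelly", nonceB64, created, d, now));      // first use of the token
        System.out.println(authenticate("kelly", nonceB64, created, d, now));      // same token replayed
        System.out.println(authenticate("kelly", nonceB64, created, "AAAA", now)); // wrong digest
    }
}
```

PasswordDigest requires the server to hold the password in recoverable form, whereas a plain-text UsernameToken sent only over HTTPS lets the server store a salted hash instead. The nonce is recorded only after the digest matches, so an unauthenticated caller cannot fill the replay cache.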
 