Friday, May 20, 2011

Web app security

Principal
  • User, device or system that performs an action
Authentication
  • Establishing that a principal's credentials are valid
  • Are you who you say you are? If so, you should know your password (or hold the key, token or certificate that proves it).
Authorization
  • Deciding whether an authenticated principal is allowed to perform an action
  • Are you allowed to see this page? ("to authorize" is to define and enforce the access policy; it presupposes authentication, since the policy is applied to a known principal)
Secured item
  • Resource that is being secured
Confidentiality (data privacy)
  • Ensuring that an eavesdropper can't read an HTTP message while it is in transit between the client and the container, in either direction (in practice this is what TLS/HTTPS provides)
Data integrity
  • Ensuring that an attacker can't alter the contents of an HTTP message while it is in transit between the container and the client, in either direction (TLS provides this too, via its record MAC; confidentiality and integrity are separate properties and one does not imply the other)
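The distinction between authentication and authorization is easiest to see in code. The example below is added here and is not part of the original post or any particular framework: it models a principal, a credential check (authentication) and an access policy over secured items (authorization), and shows that the container should answer the two failures differently. The users, passwords, roles and URL paths are constructed sample data.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed example: a tiny user store and access policy, not a real app.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store credentials as salted PBKDF2 hashes, never in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass(frozen=True)
class Principal:
    """Who performs the action: established by authentication."""
    name: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class UserRecord:
    salt: bytes
    digest: bytes
    roles: FrozenSet[str]


# Sample users (constructed): alice is an admin, bob is an ordinary user.
USERS: Dict[str, UserRecord] = {
    "alice": UserRecord(*hash_password("correct horse"), frozenset({"admin", "user"})),
    "bob": UserRecord(*hash_password("hunter2"), frozenset({"user"})),
}

# Access policy: secured item (URL path) -> roles allowed to view it.
POLICY: Dict[str, FrozenSet[str]] = {
    "/home": frozenset({"user", "admin"}),
    "/admin/users": frozenset({"admin"}),
}


def authenticate(username: str, password: str) -> Optional[Principal]:
    """Authentication: does the presented credential match the stored one?"""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown username is not distinguishable by timing.
        hash_password(password, b"\x00" * 16)
        return None
    _, digest = hash_password(password, record.salt)
    # Constant-time comparison: a plain == would leak match length via timing.
    if not hmac.compare_digest(digest, record.digest):
        return None
    return Principal(username, record.roles)


def authorize(principal: Principal, secured_item: str) -> bool:
    """Authorization: may this (already authenticated) principal access the item?"""
    allowed = POLICY.get(secured_item)
    if allowed is None:
        return False  # deny by default: an item with no policy is not open to all
    return bool(principal.roles & allowed)


def handle_request(username: str, password: str, path: str) -> int:
    """What the container decides for one request, as an HTTP status code:
    401 when authentication fails, 403 when authorization fails, 200 otherwise."""
    principal = authenticate(username, password)
    if principal is None:
        return 401
    if not authorize(principal, path):
        return 403
    return 200


if __name__ == "__main__":
    for user, pw, path in [("alice", "correct horse", "/admin/users"),
                           ("bob", "hunter2", "/admin/users"),
                           ("bob", "wrong", "/home")]:
        print(user, path, "->", handle_request(user, pw, path))
```

Note the status codes: HTTP 401 is named "Unauthorized" but is sent when authentication fails (the container does not know who you are), while 403 Forbidden is the authorization failure (it knows who you are and the policy says no). Keeping the two checks in separate functions keeps the policy in one place and makes the default-deny on unknown items easy to see.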
