1 <?xml version="1.0" encoding="iso-8859-1"?> 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 3 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 4 <html xmlns="http://www.w3.org/1999/xhtml"> 5 <head> 6 <title>Securing a WebStack Application</title> 7 <meta name="generator" content="amaya 8.1a, see http://www.w3.org/Amaya/" /> 8 <link href="styles.css" rel="stylesheet" type="text/css" /> 9 </head> 10 11 <body> 12 <h1>Securing a WebStack Application</h1> 13 14 <p>Making sure that Web applications are "secure" involves many different 15 aspects of application design, deployment and administration. This document 16 covers only the usage of the authentication features of the WebStack API.</p> 17 18 <h2>Authentication in WebStack</h2> 19 20 <p>There are two principal methods of introducing authentication and applying 21 access control to WebStack applications:</p> 22 <ul> 23 <li><a href="authenticators.html">Application-Wide Authenticators</a></li> 24 <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li> 25 </ul> 26 27 <p>Here is a comparison of the features of these mechanisms:</p> 28 29 <table border="1" cellspacing="0" cellpadding="5"> 30 <tbody> 31 <tr> 32 <td></td> 33 <th>Application-Wide Authenticators</th> 34 <th>LoginRedirect and Login Modules</th> 35 </tr> 36 <tr> 37 <th>Deployment</th> 38 <td>Some Web server configuration required.<br /> 39 Application only requires an additional object for 40 authentication.</td> 41 <td>An additional login application or resource must be deployed.</td> 42 </tr> 43 <tr> 44 <th>Flexibility</th> 45 <td>Possibly inflexible user experience - users may only get the login 46 dialogue; probably no logout function.<br /> 47 HTTP-style authentication is well understood and supported when 48 automating client access.</td> 49 <td>The login and logout activities can be customised to suit the 50 appearance of the rest of the application.<br /> 51 Many applications can share the same login application, providing a 52 "single sign-on" experience and potentially reduced administrative 53 overhead.</td> 54 </tr> 55 </tbody> 56 </table> 57 </body> 58 </html>