# HG changeset patch # User paulb # Date 1113090649 0 # Node ID d0112e8a1847a73cb28cf189727ef6d3d88a7862 # Parent bd75e0085bda0036b39116da58a703f6515787be [project @ 2005-04-09 23:50:49 by paulb] Reorganised the authentication coverage, adding a comparison table. diff -r bd75e0085bda -r d0112e8a1847 docs/securing.html --- a/docs/securing.html Sat Apr 09 23:25:58 2005 +0000 +++ b/docs/securing.html Sat Apr 09 23:50:49 2005 +0000 @@ -20,16 +20,39 @@

There are two principal methods of introducing authentication and applying access control to WebStack applications:

Use of authenticators, where the "remote user" is set in the - server/framework environment and tested in the application.
Use of the WebStack.Resources.LoginRedirect and - WebStack.Resources.Login modules.

- -

Choosing an Authentication Strategy

+ +

Here is a comparison of the features of these mechanisms:

+ + + + + + + + + + + + + + + + + + + +

	Application-Wide Authenticators	LoginRedirect and Login Modules
Deployment	Some Web server configuration required. + Application only requires an additional object for + authentication.	An additional login application or resource must be deployed.
Flexibility	Possibly inflexible user experience - users may only get the login + dialogue; probably no logout function. + HTTP-style authentication is well understood and supported when + automating client access.	The login and logout activities can be customised to suit the + appearance of the rest of the application. + Many applications can share the same login application, providing a + "single sign-on" experience and potentially reduced administrative + overhead.