Authentication
I was recently talking with a colleague about Application Authentication. We were both in agreement that there is a logical separation between Authentication (Am I who I Say I am?) and Authorization (What rights and privileges do I have in your application).
One of the key things about our conversation was the ever changing world of Authenticating. In the 1990s you would see such Single Sign on utilities as RACF. Novell tried its hand and was a force for some time. Other third party venders had solutions. Microsoft got into the game with Passport.
Now, with the more flexible internet capabilities it seems that folks would rather use their Twitter, Facebook or Google accounts as authentication. Many sites automatically allow you to link your profiles across apps and across social networks.
With the way the world is changing, it seems to me that any application should have some sort of framework allowing new pluggable authentication capabilities to be added. This allows you to integrate with more than one Authentication source today, and add new sources as they build popularity without having to rewire your application for each new entry.
The same kind of problem holds true in any application. In a recent MSDN flash I came across an example solution in a posting by Wade Wegner with a framework for authentication using Windows Phone. This is a pretty good example of what I am talking about.
Do you have an authentication framework you like to use in your applications (java, RPG, Dot Net, Etc…)? Drop a note to btaylor@sswug.org and share your favorite.
Cheers,
Ben
$$SWYNK$$
Featured White Paper(s)
SharePoint 2010 Enables the Enterprise
Written by KnowledgeLake
read more)