Authentication Frameworks

Terminology

  • Authentication: The process of verifying the identity of a user or process.
  • Authorization: The process of verifying that a user or process has the necessary permissions to access a resource.
  • Federated: Authentication and authorization are delegated to a third party.
  • Realm: A set of protected resources.
  • Token: A piece of data that represents a user’s identity.
  • Identity Provider (IdP): A service that verifies a user’s identity and issues tokens to users.
  • Metaverse: A consolidated view of identity information from multiple sources.

Authentication Sources

Authentication information can be stored in different sources, each with its own properties and use cases.

  • Hardcoded (very bad, do not do this ever!)
  • Files (e.g. /etc/passwd)
  • Databases (e.g. MySQL, PostgreSQL, MongoDB)
  • LDAP (Lightweight Directory Access Protocol, e.g. Active Directory, OpenLDAP, …)

Frameworks

Different frameworks can be used to implement authentication.

  • Microsoft Active Directory Federation Services (ADFS)
  • Shibboleth
  • Keycloak
  • SAML2/OIDC/OAuth2 (standardized protocols)
  • PAM (Pluggable Authentication Modules)

CAPTCHA Frameworks

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test used in computing to determine whether or not the user is human.