Generally this means a username and
password, although banks in particular tend to ask for multiple pieces of information, such as a memorable
date or place, in addition to a password.
Even though we have discovered that accepting a username/password for authentication is the standard for
websites, the choice of where to store the information still has to be made. For standalone websites, it is
common to use a database table containing the list of usernames and passwords, but there are other options.
For sites that are part of a group, such as Yahoo!, a separate system to handle the authentication is
necessary. One common system is LDAP, the Lightweight Directory Access Protocol, which stores the
information about the users in a separate service which can then be queried by other applications as required.
OpenID and Six Apart's Typekey are other systems that allow for authentication to be performed by another
service.
6.1.2 What is authorisation?
Authorisation is the process of deciding whether or not to allow a user access to a resource or action. In web
terms, this usually means we are deciding if someone is allowed to view a certain page or perform an action
such as add a comment.
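The two steps side by side, as an added example that is not code from the book: a standalone site authenticates against a database table and then makes a separate authorisation decision for actions such as viewing a page or adding a comment. The table layout, the role and action names, and the choice to store salted PBKDF2 hashes rather than plaintext passwords are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

# Constructed ACL: role -> actions it may perform. Anything not listed is denied.
ACL = {
    "guest": {"view_page"},
    "member": {"view_page", "add_comment"},
}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db():
    """Create the (hypothetical) users table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY,"
               " salt BLOB, pw_hash BLOB, role TEXT)")
    return db

def add_user(db, username, password, role):
    salt = os.urandom(16)  # per-user salt; only the derived hash is stored
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (username, salt, _hash(password, salt), role))

def authenticate(db, username, password):
    """Authentication: return the user's role if the credentials match, else None."""
    row = db.execute("SELECT salt, pw_hash, role FROM users WHERE username = ?",
                     (username,)).fetchone()  # bound parameter, no string building
    if row is None:
        _hash(password, b"\x00" * 16)  # do the same work for unknown usernames
        return None
    salt, pw_hash, role = row
    ok = hmac.compare_digest(_hash(password, salt), pw_hash)  # constant-time compare
    return role if ok else None

def is_allowed(role, action):
    """Authorisation: deny by default; an unauthenticated caller is a guest."""
    return action in ACL.get(role or "guest", set())

if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice", "constructed-passphrase", "member")
    role = authenticate(db, "alice", "constructed-passphrase")
    print(role, is_allowed(role, "add_comment"))
```

A failed login leaves the caller with guest rights only, so the authorisation check still runs on every request regardless of the authentication outcome.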