Re: Authentication/Access-control libraries

cunningham.simon_at_btopenworld.com
Date: 09/03/03

    Date: Wed, 3 Sep 2003 08:42:14 +0100 (BST)
    To: n30_lists@hotmail.com
    
    

    JAAS has been suggested, this offers useful functionality in the Java space but is unlikely to solve all your problems in the web tier, particularly as you mention ASP.

    On the commercial front you should be looking at Netegrity SiteMinder, IBM Tivoli Access Manager and Oblix NetPoint. There are others, but these are the market leaders (according to Gartner). All offer agents of some form that perform authentication and authorisation before access is granted to a URL, thus saving you from having to put authentication and authorisation code in every page. They also offer mechanisms to do more granular authorisation inside your application should you want to.

    There's much more to these products (flexible authentication schemes, policy-based authorisation, SSO support, complementary identity management products, etc., etc.) but I'll spare you the sales pitch.

    Hope that helps.

    Simon

    > from: n30 <n30_lists@hotmail.com>
    > date: Tue, 02 Sep 2003 17:05:31
    > to: security-basics@securityfocus.com, secprog@securityfocus.com, webappsec@securityfocus.com
    > subject: Re: Authentication/Access-control libraries
    >
    > Gurus,
    >
    > Say I am a programmer designing an ecommerce site & wanting to write secure
    > code. I have heard there are commercial & open-source secure libraries
    > available out there that I can reuse for performing authentication and
    > access control.
    >
    > Any links/pointers to them??
    >
    > I am specifically looking for asp & java. But any language should be fine. I
    > will get an insight into things.
    >
    > Thanks in advance
    > -n
    >
    >
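
The agent model described in the reply above (authentication and authorisation decided in one place before a URL is served, rather than in every page) can be sketched as follows. This is an added example, not part of the original post and not how SiteMinder, Tivoli Access Manager or NetPoint are implemented; the class name, paths and role names are constructed for illustration.

```java
import java.net.URI;
import java.util.*;

public class UrlPolicyGate {
    enum Decision { ALLOW, CHALLENGE, DENY }

    // Constructed policy: protected path -> required role ("*" = public).
    private final Map<String, String> policy = new LinkedHashMap<>();

    UrlPolicyGate() {
        policy.put("/catalog", "*");
        policy.put("/account", "customer");
        policy.put("/admin", "admin");
    }

    // Match whole path segments so "/admin" does not also cover "/administrator".
    private String requiredRole(String path) {
        for (Map.Entry<String, String> e : policy.entrySet()) {
            String p = e.getKey();
            if (path.equals(p) || path.startsWith(p + "/")) return e.getValue();
        }
        return null; // no rule: caller denies by default
    }

    // userRoles == null means the request carries no authenticated session.
    Decision decide(String rawPath, Set<String> userRoles) {
        String path;
        try {
            // Collapse "." and ".." first, so /catalog/../admin is judged as /admin.
            path = new URI(rawPath).normalize().getPath();
        } catch (Exception e) {
            return Decision.DENY;
        }
        // getPath() decodes %2e%2e; refuse anything that still contains "..".
        if (path == null || !path.startsWith("/") || path.contains("..")) return Decision.DENY;
        String role = requiredRole(path);
        if (role == null) return Decision.DENY;
        if (role.equals("*")) return Decision.ALLOW;
        if (userRoles == null) return Decision.CHALLENGE; // send to login
        return userRoles.contains(role) ? Decision.ALLOW : Decision.DENY;
    }

    public static void main(String[] args) {
        UrlPolicyGate gate = new UrlPolicyGate();
        System.out.println(gate.decide("/catalog/item1", null));
        System.out.println(gate.decide("/account/orders", null));
        System.out.println(gate.decide("/catalog/../admin/users", Set.of("customer")));
    }
}
```

In a Java web application a check like this would sit in a servlet filter in front of every request; finer-grained decisions inside the application remain a separate layer.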
