Dr. Dobb’s: User Authentication: It Doesn’t Belong In Your Application

This recent article on Dr. Dobb’s echoes what we’ve been saying for months: if your password is compromised, whether or not it’s your fault, it’s always your problem. If developing a web application is in your future, you must read this article.

…Decouple the authentication process from your application and take advantage of the growing acceptance of standards like SAML and OpenID to let dedicated Identity Providers take on the responsibility of authenticating users.

Whether you use OpenID or SAML, the process is similar. Your application exchanges identity assertions with other applications, typically trusted identity providers or partners. The Identity Provider (IdP) authenticates the user. Your application is a ‘service provider’ or identity consumer (the terminology varies with the protocol). It consumes or accepts the identity assertions of the provider. Your application only needs to maintain the list of the providers or partners that you trust when it comes to user identity.
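To make the service-provider side concrete, here is an added example (not code from the Dr. Dobb’s article) of what “consuming an assertion from a trusted provider” has to check before the application accepts a user as authenticated. It assumes a simplified JSON assertion signed with an HMAC shared secret as a stand-in for real SAML XML signatures or OpenID key discovery; the issuer URLs, secret and entity ID are constructed values.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed trust list: the only issuers whose assertions this service
# provider accepts, mapped to the key used to verify their signatures.
# Real SAML/OpenID deployments use the IdP's public key or a discovery
# step instead of a shared secret; HMAC is a simplified stand-in here.
TRUSTED_IDPS = {
    "https://idp.example.org": b"constructed-shared-secret-for-idp-1",
}
SP_ENTITY_ID = "https://app.example.com"   # assumed identifier for our app
_seen_assertion_ids = set()                 # in-memory replay protection

def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue_assertion(issuer, key, subject, ttl=300):
    """Stand-in for the IdP side: build and sign an assertion for `subject`."""
    now = int(time.time())
    claims = {"iss": issuer, "sub": subject, "aud": SP_ENTITY_ID,
              "nbf": now - 30, "exp": now + ttl, "id": secrets.token_hex(8)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(key, body)

def consume_assertion(token, now=None):
    """SP side: accept the assertion only if every check passes.
    Returns the authenticated subject, or raises ValueError."""
    now = int(time.time()) if now is None else now
    body_b64, _, sig = token.partition(".")
    body = body_b64.encode()
    claims = json.loads(base64.urlsafe_b64decode(body))
    # 1. Only issuers on our trust list are consulted at all.
    key = TRUSTED_IDPS.get(claims.get("iss"))
    if key is None:
        raise ValueError("untrusted issuer")
    # 2. The assertion must be signed by that issuer's key (constant-time compare).
    if not hmac.compare_digest(_sign(key, body), sig):
        raise ValueError("bad signature")
    # 3. It must be addressed to this service provider, not some other relying party.
    if claims.get("aud") != SP_ENTITY_ID:
        raise ValueError("assertion not meant for this service provider")
    # 4. It must be within its validity window.
    if not (claims["nbf"] <= now < claims["exp"]):
        raise ValueError("assertion expired or not yet valid")
    # 5. Each assertion may be presented only once.
    if claims["id"] in _seen_assertion_ids:
        raise ValueError("replayed assertion")
    _seen_assertion_ids.add(claims["id"])
    return claims["sub"]
```

Note that the application never sees or stores a password: it only decides which issuers it trusts and validates what they assert.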