CDNWiki - View Source: RobertButler/Authentication

Note: You are viewing an old version of this page. View the current version.
!!! [HMAC Authentication|RobertButler/Authentication]
Authentication System:
  * Token-based
    * Tokens expire
    * If the token expires, session information gathered from the client is re-validated against the database
      * If authentication succeeds, the life of the token is extended.
      * If authentication encounters a problem, the user is prompted to re-present their authentication credentials.
  * The by-product of authentication gives the user a token, were their (cached) authorization infomation is stored.
  * Tokens have an optional lifetime that is specified by the client and have a maximum lifetime specified by the container that created it.
  * Authentication in one Domain may or may not facilitate authentication (methods) which may or may not provide authentication inside other domains
  * Authentication information is not just limited to Login names and Passwords, however.
  * Domains are a grouping of
    * Authentication information, comprising of one or more
      * User Accounts
      * Passwords
      * Application-specific Auth information
    * User preferences
    * User account settings

!!! [HMAC Authorization|RobertButler/Authorization]