1.1 --- a/docs/securing.html Sat Apr 30 00:22:03 2005 +0000
1.2 +++ b/docs/securing.html Sat Apr 30 20:31:51 2005 +0000
1.3 @@ -1,32 +1,28 @@
1.4 -<?xml version="1.0" encoding="iso-8859-1"?>
1.5 -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
1.6 - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1.7 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1.8 <html xmlns="http://www.w3.org/1999/xhtml">
1.9 <head>
1.10 <title>Securing a WebStack Application</title>
1.11 - <meta name="generator" content="amaya 8.1a, see http://www.w3.org/Amaya/" />
1.12 + <meta name="generator"
1.13 + content="amaya 8.1a, see http://www.w3.org/Amaya/" />
1.14 <link href="styles.css" rel="stylesheet" type="text/css" />
1.15 </head>
1.16 -
1.17 <body>
1.18 <h1>Securing a WebStack Application</h1>
1.19 -
1.20 -<p>Making sure that Web applications are "secure" involves many different
1.21 -aspects of application design, deployment and administration. This document
1.22 -covers only the usage of the authentication features of the WebStack API.</p>
1.23 -
1.24 +<p>Making sure that Web applications are "secure" involves many
1.25 +different
1.26 +aspects of application design, deployment and administration. This
1.27 +guide currently only covers the usage of the authentication features of
1.28 +the WebStack API.</p>
1.29 <h2>Authentication in WebStack</h2>
1.30 -
1.31 -<p>There are two principal methods of introducing authentication and applying
1.32 +<p>There are two principal methods of introducing authentication and
1.33 +applying
1.34 access control to WebStack applications:</p>
1.35 <ul>
1.36 <li><a href="authenticators.html">Application-Wide Authenticators</a></li>
1.37 <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li>
1.38 </ul>
1.39 -
1.40 <p>Here is a comparison of the features of these mechanisms:</p>
1.41 -
1.42 -<table border="1" cellspacing="0" cellpadding="5">
1.43 +<table border="1" cellpadding="5" cellspacing="0">
1.44 <tbody>
1.45 <tr>
1.46 <td></td>
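Review bot: The first lines of this hunk drop the XML declaration carrying encoding="iso-8859-1", and nothing in the visible head replaces it, so the page no longer states its character encoding. Without that declaration an XML parser assumes UTF-8 or UTF-16, and a browser handling the file as HTML falls back to the HTTP header or to guessing. Either keep the declaration or add a meta http-equiv="Content-Type" element with the charset beside the generator meta, and confirm the file is saved in the encoding it declares. The rest of the hunk is editor re-wrapping (the lone "different" and "applying" lines, the swapped cellpadding and cellspacing attributes); committing that separately from the wording change to "This guide currently only covers" would make the content change easier to see.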
1.47 @@ -35,22 +31,41 @@
1.48 </tr>
1.49 <tr>
1.50 <th>Deployment</th>
1.51 - <td>Some Web server configuration required.<br />
1.52 - Application only requires an additional object for
1.53 - authentication.</td>
1.54 - <td>An additional login application or resource must be deployed.</td>
1.55 + <td>
1.56 + <ul>
1.57 + <li>Some Web server configuration required.</li>
1.58 + <li>The application only requires an additional object to be
1.59 +instantiated to support authentication.</li>
1.60 + </ul>
1.61 + </td>
1.62 + <td>
1.63 + <ul>
1.64 + <li>An additional login application or resource must be
1.65 +deployed.</li>
1.66 + </ul>
1.67 + </td>
1.68 </tr>
1.69 <tr>
1.70 <th>Flexibility</th>
1.71 - <td>Possibly inflexible user experience - users may only get the login
1.72 - dialogue; probably no logout function.<br />
1.73 - HTTP-style authentication is well understood and supported when
1.74 - automating client access.</td>
1.75 - <td>The login and logout activities can be customised to suit the
1.76 - appearance of the rest of the application.<br />
1.77 - Many applications can share the same login application, providing a
1.78 - "single sign-on" experience and potentially reduced administrative
1.79 - overhead.</td>
1.80 + <td>
1.81 + <ul>
1.82 + <li>The user experience may seem too inflexible or unfriendly -
1.83 +users may only get the login dialogue.</li>
1.84 + <li>There is also probably no logout function, since it
1.85 +requires browser support.</li>
1.86 + <li> HTTP-style authentication is well understood and supported
1.87 +when automating client access.</li>
1.88 + </ul>
1.89 + </td>
1.90 + <td>
1.91 + <ul>
1.92 + <li>The login and logout activities can be customised to suit
1.93 +the appearance of the rest of the application.</li>
1.94 + <li> Many applications can share the same login application,
1.95 +providing a "single sign-on" experience and potentially reduced
1.96 +administrative overhead.</li>
1.97 + </ul>
1.98 + </td>
1.99 </tr>
1.100 </tbody>
1.101 </table>
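Review bot: In the Flexibility row, the new item "There is also probably no logout function, since it requires browser support" leaves "it" ambiguous and hedges with "probably" in a guide about securing applications. State what the reader should expect: with HTTP-style authentication the browser holds the credentials and keeps sending them, so the application cannot end the login on its own, which matters on shared machines. Minor style point: the items beginning "<li> HTTP-style authentication" and "<li> Many applications" have a stray space after the opening tag.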