1.1 --- a/docs/securing.html Sat Apr 09 23:25:58 2005 +0000
1.2 +++ b/docs/securing.html Sat Apr 09 23:50:49 2005 +0000
1.3 @@ -20,16 +20,39 @@
1.4 <p>There are two principal methods of introducing authentication and applying
1.5 access control to WebStack applications:</p>
1.6 <ul>
1.7 - <li>Use of authenticators, where the "remote user" is set in the
1.8 - server/framework environment and tested in the application.</li>
1.9 - <li>Use of the <code>WebStack.Resources.LoginRedirect</code> and
1.10 - <code>WebStack.Resources.Login</code> modules.</li>
1.11 -</ul>
1.12 -
1.13 -<h2>Choosing an Authentication Strategy</h2>
1.14 -<ul>
1.15 <li><a href="authenticators.html">Application-Wide Authenticators</a></li>
1.16 <li><a href="login-redirect.html">LoginRedirect and Login Modules</a></li>
1.17 </ul>
1.18 +
1.19 +<p>Here is a comparison of the features of these mechanisms:</p>
1.20 +
1.21 +<table border="1" cellspacing="0" cellpadding="5">
1.22 + <tbody>
1.23 + <tr>
1.24 + <td></td>
1.25 + <th>Application-Wide Authenticators</th>
1.26 + <th>LoginRedirect and Login Modules</th>
1.27 + </tr>
1.28 + <tr>
1.29 + <th>Deployment</th>
1.30 + <td>Some Web server configuration required.<br />
1.31 + Application only requires an additional object for
1.32 + authentication.</td>
1.33 + <td>An additional login application or resource must be deployed.</td>
1.34 + </tr>
1.35 + <tr>
1.36 + <th>Flexibility</th>
1.37 + <td>Possibly inflexible user experience - users may only get the login
1.38 + dialogue; probably no logout function.<br />
1.39 + HTTP-style authentication is well understood and supported when
1.40 + automating client access.</td>
1.41 + <td>The login and logout activities can be customised to suit the
1.42 + appearance of the rest of the application.<br />
1.43 + Many applications can share the same login application, providing a
1.44 + "single sign-on" experience and potentially reduced administrative
1.45 + overhead.</td>
1.46 + </tr>
1.47 + </tbody>
1.48 +</table>
1.49 </body>
1.50 </html>