Form based authentication


Form-based authentication is presently (i.e. early in the 21st century) employed as a term of art in the context of Web- and Internet-based online networked computer systems. In general, it refers to the notion of a user being presented with an editable "form" to fill in and submit in order to log in to some system or service. However, the term is ambiguous, because displaying some sort of "form" in which one enters credential information is a technique that is not unique to the Web.

As the term is often used, it strongly implies default employment of HTTP and HTML (or XHTML) as part of the technique. This particular technique is specifically discussed here: HTTP+HTML Form based authentication.

A defining characteristic of the general notion of form-based authentication, as it is commonly used, is that the credential prompting and subsequent credential conveyance are conducted out-of-band relative to the transfer protocol employed between the client and server. For example, in the case of HTTP+HTML Form based authentication, the authentication features built into HTTP itself are not used. Rather, the prompting information, e.g. "username: " and "password: ", is conveyed, opaquely to HTTP itself, as just HTML or XHTML <FORM> data. Similarly, the submitted credentials are conveyed simply as part of submitted <FORM> data.

Note that the common "login prompt" one sees when using telnet to access another computer system also fits this general notion, i.e. it is another instance of "form-based authentication".

Further characteristics and implications of the general notion of form-based authentication, as the term is commonly employed, are that it is inherently ad hoc and not standardized; that the client does not authenticate the server unless extra means are employed (e.g. TLS); and that the client typically is not made explicitly aware of the authentication mechanism being employed by the server, nor of the level of assurance that the mechanism provides.
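
The contrast drawn above between HTTP's built-in authentication and credentials carried as form data, as an added example (not part of the original article): a Python sketch that classifies constructed raw requests by where the credentials travel. The host, paths, field names and the `password_fields` guess list are assumptions; the guess list is needed because form field names are not standardized.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample requests (not captured traffic); host, paths and field names are assumptions.
BASIC_REQ = (b"GET /account HTTP/1.1\r\nHost: app.example\r\n"
             b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n")

def form_request(body):
    """Build a constructed login POST carrying `body` as form data."""
    return (b"POST /login HTTP/1.1\r\nHost: app.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

FORM_REQ = form_request(b"username=alice&password=s3cret")
ODD_FORM_REQ = form_request(b"user=alice&secret_word=s3cret")

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers, body

def credential_channel(raw, password_fields=("password", "passwd", "pwd")):
    """Report where credentials travel: HTTP's own auth header or form data."""
    method, headers, body = parse_request(raw)
    auth = headers.get("authorization", "")
    if auth:
        # In-protocol: the scheme is named in a standard header, visible to any HTTP component.
        return {"channel": "http-auth", "scheme": auth.split(" ", 1)[0].lower()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        # Out-of-band: HTTP sees only an opaque body, so field names must be guessed.
        fields = parse_qs(body.decode("utf-8"))
        if any(name in fields for name in password_fields):
            return {"channel": "form", "fields": sorted(fields)}
    return {"channel": "none"}

if __name__ == "__main__":
    for label, req in (("basic", BASIC_REQ), ("form", FORM_REQ), ("odd form", ODD_FORM_REQ)):
        print(label, credential_channel(req))
```

The third request carries a password under an unlisted field name and is reported as `none`, which is the practical cost of an ad hoc convention for anything that must recognise or redact credentials at the HTTP layer.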

See Also

* Authentication
* Basic access authentication
* Digest access authentication
* Login


Wikimedia Foundation. 2010.
