Authentication Pattern
From The Secure Arc Wiki
Design Pattern
Pattern Name and Classification
Authentication Pattern
Intent
This is an abstract pattern that has more specialised versions identifying specifically how it can be realised, such as the Reverse Proxy Pattern and the Embedded Authentication Pattern.
The fundamental goal of the Authentication Pattern is to identify the user wishing to perform an action. Once the user has been identified, subsequent authorisation decisions can then be made. The concepts of Authentication and Authorisation are distinctly separate, but typically co-dependent.
Motivation (Forces)
The need for Authentication is quite well understood. The following Security Principles require Authentication in order to be satisfied:
- Accountability
- Least Privilege
- Segregation of Duties
- Defence in Depth
- Minimise Attack Surface
- Do not Trust Services
Applicability
This pattern applies wherever any of the Security Principles listed above should be applied.
Related Patterns
See the Reverse Proxy Pattern and the Embedded Authentication Pattern for specialisations of the abstract Authentication Pattern.

