Authentication Pattern

From The Secure Arc Wiki

Design Pattern

Pattern Name and Classification

Authentication Pattern

Intent

This is an abstract pattern. More specialised versions, such as the Reverse Proxy Pattern and the Embedded Authentication Pattern, identify specifically how it can be realised.

The fundamental goal of the Authentication Pattern is to identify the user wishing to perform an action. Once the user has been identified, subsequent authorisation decisions can then be made. The concepts of Authentication and Authorisation are distinctly separate, but typically co-dependent.

Motivation (Forces)

The need for Authentication is quite well understood. The following Security Principles will require Authentication in order to be satisfied:

Applicability

Where any of the Security Principles listed above should be applied.

Related Patterns

See the Reverse Proxy Pattern and the Embedded Authentication Pattern for specialisations of the abstract Authentication Pattern.
