Authentication Pattern

From The Secure Arc Wiki



Design Pattern

Pattern Name and Classification

Authentication Pattern


This is an abstract pattern that has more specialised versions identifying specifically how it can be realised, such as the Reverse Proxy Pattern and the Embedded Authentication Pattern.

The fundamental goal of the Authentication Pattern is to identify the user wishing to perform an action. Once the user has been identified, subsequent authorisation decisions can then be made. The concepts of Authentication and Authorisation are distinctly separate, but typically co-dependent.

Motivation (Forces)

The need for Authentication is quite well understood. The following Security Principles will require Authentication in order to be satisfied:


Where any of the Security Principles listed above should be applied.

Related Patterns

See the Reverse Proxy Pattern and the Embedded Authentication Pattern for specialisations of the abstract Authentication Pattern.

