A guide to claims-based identity and access control

En savoir plus sur le livre

As systems have become interconnected and complex, programmers needed methods to identify users across multiple computers. One common approach is for users on one computer to authenticate with applications on other computers, a method still prevalent today, especially for logging into various websites. However, this becomes unmanageable in environments with many cooperating systems, such as enterprises. This led to the creation of specialized services for user registration and authentication, providing claims about users to applications. Examples include NTLM, Kerberos, Public Key Infrastructure (PKI), and Security Assertion Markup Language (SAML). Most enterprise applications require basic user security features, including user authentication and access authorization for privileged functions. Some applications also need to audit user actions. On Windows®, these features are integrated into the operating system, simplifying application integration. By leveraging Windows integrated authentication, developers avoid creating their own protocols or managing user databases. Utilizing access control lists (ACLs), impersonation, and groups allows for straightforward authorization implementation. This principle applies across all operating systems. However, challenges arise when extending access to users without Windows accounts or those using different operating systems. This book provides insights into claims-based identity as a via