Why do we need user authentication for the web?
The web has moved from just distributing information anonymously to communicate (Email, Chat, Instant Messaging), interact (Social Networks, Blogs, Forums, Voice and Video Conferencing), transact (Banking, Stock Trading, Ticketing), commerce (Shopping, Trading, Auctioning), entertainment (Music, Movies, Games), storage (documents, photographs, audio and video) and education.
The advantages of web applications are manifold. Some of them are – Operating System and device independence, 24×7 availability, accessible from anywhere, scalable, easy to configure, manage and support.
As more and more applications are migrating to the cloud and web, securely identifying and authenticating a user before allowing access to protected resources becomes very crucial.
As web (Hyper Text Transport Protocol – HTTP(S)) and it’s uses evolved so does the authentication mechanisms. Let us look at the various authentication mechanisms available to developers of web applications.
Types and history of user authentication on the web
The user authentication schemes can be broadly classified as follows, based on mechanism used to identify and authenticate the user before granting access to restricted resource on the web server.
- HTTP Server Based Authentication
- Application Level Authentication
- Third Party Authentication
In all of the above mechanisms user is identified by requesting unique user name and password. These unique user name / password pairs are stored on the server. The user have to supply this unique user name / password pair before requesting a restricted resource.
In the coming posts we will examine each of these schemes in details and their pros and cons.