Hello all,

After going through Darby and Gavin's proposal on Authentication, I did some research. I believe that there is more brainstorming to be done.

Authentication is any process by which you verify that someone is who they claim they are. This usually involves a username and a password, but can include any other method of demonstrating identity.

Access control, however, is a much more general way of talking about controlling access to a web resource (very abstract). Access can be granted or denied based on a *very wide* variety of criteria, such as the network address of the client, username, password, the time of day, the phase of the moon, or the browser which the visitor is using.

These techniques are so closely related in most real applications that it is difficult to talk about them separately from one another. However, I think that it is a pretty big design decision that has to be made. Do we make a difference between these two, or do we *wrap* them in one class?

I would like to ask for brainstorm time, where we can openly consider all ideas to help synthesize a final proposal, before further decisions are made.

Best regards,

Andries Seutens
Belgium
http://andries.systray.be
