How would it supplement OS security? If your server program is running as a named user, that will be the user the OS uses for authorization regardless of the end-user (unless it does user swapping like CGI).



-----Original Message-----
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Friday, December 23, 2016 12:51 PM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] In-house authentication & authorization


So your app/framework stands in for the OS for
authentication/authorization?


I view the app/framework as a supplement to OS authentication/authorization
- not a replacement. I hope that makes sense. Green-screen applications often supplement with rules which are outside the scope of IBM i object authorities (i.e. which users can run a menu item, User A may see employee SSN - not User B).

The first problem being another set of credentials for every user.


Web App/frameworks often include a variety of options for authenticating
users:

1. Against a database of users.
2. Against IBM i user profiles and authentication rules (including disabled profiles, expired passwords, etc.).
3. Against LDAP directories.
4. Against oAuth realms.

My company provides multi-tenant hosting for K-12 schools and school districts. My user profile is authenticated against my IBM i user profile.
However, we don't set up IBM i user profiles for students and parents (for example), because they have no need for services such as ACS, telnet, ssh, ftp, etc. They're only using browser user interfaces. We set up a user profile for them in an IBM i table, and authenticate against that.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.