reading-notes

This repo will contain my reading during the course.


Authorization/Authentication


Review, Research, and Discussion

What header(s) are used in authentication and authorization

  • Basic Auth

    It is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic, followed by a space and a base64-encoded (not encrypted) string of the form username:password. For example, to authorize as username / Pa$$w0rd the client would send.

  • Bearer Token:

    Commonly known as token authentication. It is an HTTP authentication scheme that involves security tokens called bearer tokens. As the name suggests, bearer authentication gives access to whoever bears (presents) the token.

The bearer token is a cryptic string, usually generated by the server in response to a login request.

What is safe to put into a JWT

How are JWTs validated

When you receive a JWT from the client, you can verify that JWT with the secret key stored on the server. Any modification to the JWT will result in verification (JWT validation) failure. A JWT is simply a string, but it contains three distinct parts separated by dots (.): the header, the payload, and the signature.

The Application server, instead of just taking the username from the header, will first validate the JWT:

  • if the signature is correct, then the user is correctly authenticated and the request goes through.

  • if not, the application server can simply reject the request.

Document the following Vocabulary Terms

  • RBAC:

Role-based access control (RBAC) is a policy-neutral access-control mechanism defined around roles and privileges. The components of RBAC, such as role-permissions, user-role and role-role relationships, make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC is different from the MAC and DAC access-control frameworks, it can enforce these policies without any complication.

  • User Roles:

User Roles are permission sets that control access to areas and features within the Professional Archive Platform. Each User account requires a Role assignment.

A permission is the right to access one or more system objects. A role is a group of permissions. Roles can be assigned to any user or user group, and a user or user group can have more than one role. Unlike hierarchical users, a role does not contain another role.

  • JWT Token:

    JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.

    JSON web tokens are used to securely transmit data between parties as JSON objects.


Preview

Which 3 things had you heard about previously and now have better clarity on?

RBAC, JWT, ACL

Which 3 things are you hoping to learn more about in the upcoming lecture/demo?

RBAC, ACL, cookies, sessions, extra layers of encryption for JWTs, securing JWTs

What are you most excited about trying to implement or see how it works?

Resources: