|
SPNEGO
Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO), often pronounced "spenay-go", is a GSSAPI "pseudo mechanism" used by client-server software to negotiate the choice of security technology. SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports. The pseudo-mechanism uses a protocol to determine what common GSSAPI mechanisms are available, selects one and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased manner. SPNEGO's most visible use is in Microsoft's "HTTP Negotiate" authentication extension. It was first implemented in Internet Explorer 5.01 and IIS 5.0 and provided single sign-on capability later marketed as ''Integrated Windows Authentication''. The negotiable sub-mechanisms included NTLM and Kerberos, both used in Active Directory. The HTTP Negotiate extension was later implemented with si ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Integrated Windows Authentication
Integrated Windows Authentication (IWA) is a term associated with Microsoft products that refers to the SPNEGO, Kerberos, and NTLMSSP authentication protocols with respect to SSPI functionality introduced with Microsoft Windows 2000 and included with later Windows NT-based operating systems. The term is used more commonly for the automatically authenticated connections between Microsoft Internet Information Services, Internet Explorer, and other Active Directory aware applications. IWA is also known by several names like ''HTTP Negotiate authentication'', ''NT Authentication'', ''NTLM Authentication'', ''Domain authentication'', ''Windows Integrated Authentication'', ''Windows NT Challenge/Response authentication'', or simply ''Windows Authentication''. Overview Integrated Windows Authentication uses the security features of Windows clients and servers. Unlike Basic Authentication or Digest Authentication, initially, it does not prompt users for a user name and password. The ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GSSAPI
The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services. The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today. Operation The GSSAPI, by itself, does not provide any security. Instead, security-service vendors provide GSSAPI ''implementations'' - usually in the form of libraries installed with their security software. These libraries present a GSSAPI-compatible interface to application writers who can write their application to use only the vendor-independent GSSAPI. If the security implementation ever needs replacing, the application need not be rewritten. The definitive feature of GSSAPI applications is the exchange of opaque messages (''tokens'') which hide the implementation detail from the higher-level application. The client and server sides of the application are written to convey the tokens given ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Single Sign-on
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors. It should not be confused with same-sign on (Directory Server Authentication), often accomplished by using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on (directory) servers. A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain. For clarity, a distinction is made between Directory Server Authentication (same-sign on) and single sign-on: Directory Server Authentication refers to systems requiring authentication for each application but using the same credentials from a directory server, whereas single sign-on refers to systems where a single authentication provides access to multiple applications by ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Kerberos (protocol)
Kerberos () is a computer-network authentication protocol that works on the basis of ''tickets'' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric-key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication.RFC 4556, abstract. Kerberos uses UDP port 88 by default. The protocol was named after the character '' Kerberos'' (or ''Cerberus'') from Greek mythology, the ferocious three-headed guard dog of Hades. History and development Massachusetts Institute of Technology (MIT) developed Kerberos in 1988 to protect network services provided by Project Athena. The protocol is ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internet Draft
An Internet Draft (I-D) is a document published by the Internet Engineering Task Force (IETF) containing preliminary technical specifications, results of networking-related research, or other technical information. Often, Internet Drafts are intended to be work-in-progress documents for work that is eventually to be published as a Request for Comments (RFC) and potentially leading to an Internet Standard. It is considered inappropriate to rely on Internet Drafts for reference purposes. I-D citations should indicate the I-D is a ''work in progress''. An Internet Draft is expected to adhere to the basic requirements imposed on any RFC. An Internet Draft is only valid for six months unless it is replaced by an updated version. An otherwise expired draft remains valid while it is under official review by the Internet Engineering Steering Group The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical stand ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Message Integrity Code
In cryptography, a message authentication code (MAC), sometimes known as a ''tag'', is a short piece of information used for authenticating a message. In other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects a message's data integrity, as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content. Terminology The term message integrity code (MIC) is frequently substituted for the term ''MAC'', especially in communications to distinguish it from the use of the latter as ''media access control address'' (''MAC address''). However, some authors use MIC to refer to a message digest, which aims only to uniquely but opaquely identify a single message. RFC 4949 recommends avoiding the term ''message integrity code'' (MIC), and instead using ''checksum'', ''error detection code'', '' hash'', ''keyed hash'', ''message authentication code'', ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Distinguished Encoding Rules
X.690 is an ITU-T standard specifying several ASN.1 encoding formats: * Basic Encoding Rules (BER) * Canonical Encoding Rules (CER) * Distinguished Encoding Rules (DER) The Basic Encoding Rules (BER) were the original rules laid out by the ASN.1 standard for encoding data into a binary format. The rules, collectively referred to as a ''transfer syntax'' in ASN.1 parlance, specify the exact octets (8-bit bytes) used to encode data. X.680 defines a syntax for declaring data types, for example: booleans, numbers, strings, and compound structures. Each type definition also includes an identifying number. X.680 defines several ''primitive'' data types, for example: BooleanType, IntegerType, OctetStringType. (ASN.1 also provides for ''constructed'' types built from other types.) Types are associated with a ''class''. For example, the primitive types are part of the ''universal'' class. The three other classes (''application'', ''private'', and ''context-specific'') are essential ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Confidentiality (Security)
Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information. Legal confidentiality By law, lawyers are often required to keep confidential anything pertaining to the representation of a client. The duty of confidentiality is much broader than the attorney–client evidentiary privilege, which only covers ''communications'' between the attorney and the client. Both the privilege and the duty serve the purpose of encouraging clients to speak frankly about their cases. This way, lawyers can carry out their duty to provide clients with zealous representation. Otherwise, the opposing side may be able to surprise the lawyer in court with something he did not know about his client, which may weaken the client's position. Also, a distrustful client might hide a relevant fact he thinks is incriminating, but that a skilled lawyer could turn to the client's advanta ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Data Integrity
Data integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire Information Lifecycle Management, life-cycle and is a critical aspect to the design, implementation, and usage of any system that stores, processes, or retrieves data. The term is broad in scope and may have widely different meanings depending on the specific context even under the same general umbrella of computing. It is at times used as a proxy term for data quality, while data validation is a prerequisite for data integrity. Data integrity is the opposite of data corruption. The overall intent of any data integrity technique is the same: ensure data is recorded exactly as intended (such as a database correctly rejecting mutually exclusive possibilities). Moreover, upon later Data retrieval, retrieval, ensure the data is the same as when it was originally recorded. In short, data integrity aims to prevent unintentional changes to information. Data integrity is not to be confus ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Delegation (Security)
Delegation is the assignment of authority to another person (normally from a manager to a subordinate) to carry out specific activities. It is the process of distributing and entrusting work to another person,Schermerhorn, J., Davidson, P., Poole, D., Woods, P., Simon, A., & McBarron, E. (2017). ''Management'' (6th ed., pp. 282–286). Brisbane: John Wiley & Sons Australia. and therefore one of the core concepts of management leadership. The process involves managers deciding which work they should do themselves and which work should be delegated to others for completion. From a managerial standpoint, delegation involves shifting project responsibility to team members, giving them the opportunity to finalize the work product effectively, with minimal intervention. The opposite of effective delegation is micromanagement, where a manager provides too much input, direction, and review of delegated work. Delegation empowers a subordinate to make decisions. It is a shifting of decision- ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Object Identifier
In computing, object identifiers or OIDs are an identifier mechanism standardized by the International Telecommunication Union (ITU) and ISO/IEC for naming any object, concept, or "thing" with a globally unambiguous persistent name. Syntax and lexicon An OID corresponds to a node in the "OID tree" or hierarchy, which is formally defined using the ITU's OID standard, X.660. The root of the tree contains the following three arcs: * 0: ITU-T * 1: ISO * 2: joint-iso-itu-t Each node in the tree is represented by a series of integers separated by periods, corresponding to the path from the root through the series of ancestor nodes, to the node. Thus, an OID denoting Intel Corporation appears as follows, :1.3.6.1.4.1.343 and corresponds to the following path through the OID tree: * 1 ISO * 1.3 identified-organization, * 1.3.6 DoD, * 1.3.6.1 internet, * 1.3.6.1.4 private, * 1.3.6.1.4.1 IANA enterprise numbers, * 1.3.6.1.4.1.343 Intel Corporation A textual representation of the O ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mozilla Firefox
Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and anticipated web standards. In November 2017, Firefox began incorporating new technology under the code name "Quantum" to promote parallelism and a more intuitive user interface. Firefox is available for Windows 7 and later versions, macOS, and Linux. Its unofficial ports are available for various Unix and Unix-like operating systems, including FreeBSD, OpenBSD, NetBSD, illumos, and Solaris Unix. It is also available for Android and iOS. However, as with all other iOS web browsers, the iOS version uses the WebKit layout engine instead of Gecko due to platform requirements. An optimized version is also available on the Amazon Fire TV as one of the two main browsers available with Amazon's Silk Browser. Firefox was created in 2002 under t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
