...

Whereas SSL uses the widely recognized gold lock visual cue to indicate to users that it is safe to type their password, IWA uses a different (but just as valid) visual cue to give the same reassurance. Some users have recently raised the valid concern that, since the visual cues are different for the SSL and IWA methods, some reassurance of the safety and validity of IWA should be given to the GLAST community, which is the purpose of this article.

How IWA works

Roughly speaking, there are two ways to authenticate a user to a web site: Forms Based Authentication and Browser Based Authentication. The method many users are familiar with is Forms Based Authentication, in which a form embedded in a web page prompts the user for their username and password over an SSL connection to the web server. The user types their username and password into the web form and clicks the submit button, which sends the credentials to the web server over the encrypted SSL channel for authentication. It is important to point out that the user's web browser has no idea that the user is logging into the web site. All the web browser knows is that it is sending information to the remote web site over an SSL channel.

The Browser Based Authentication mechanism is different in that it uses the browser's built-in functionality to authenticate a user to a web server over the internet.

It is important to point out that the user's web browser fully participates in logging the user into the web site, a completely different approach from the Forms/SSL method. Since the browser knows it is logging the user into a remote web site, it can use a built-in dialog box to ask the user for their username and password. Here are the dialog boxes used by Internet Explorer 6.0 and FireFox 1.0:

Internet Explorer 6.0

FireFox 1.0

It is important to the user that they trust the web site they are sending their credentials to. In the dialog boxes above, it is clear to the user that they are connecting to the web site http://glast-ground.slac.stanford.edu/
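The difference between the two mechanisms described above is visible in the server's response, and the following added example (not part of the original article) classifies a response as one or the other. It assumes the IWA challenge is an HTTP 401 carrying `WWW-Authenticate: Negotiate` and/or `NTLM`; the sample responses are constructed and `classify_login` is a hypothetical helper name.

```python
from html.parser import HTMLParser

# Constructed sample responses (not captured from any real server).
FORM_LOGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<form method="post" action="/login">'
    '<input type="text" name="user"><input type="password" name="pw"></form>'
)
IWA_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "\r\n"
)
BASIC_CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="example"\r\n'
    "\r\n"
)

class _PasswordFieldFinder(HTMLParser):
    """Records whether the page contains an <input type="password">."""
    found = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True

def classify_login(raw_response):
    """Return (mechanism, schemes) for one raw HTTP response (hypothetical helper)."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    # Collect the scheme token from every WWW-Authenticate header line.
    schemes = [
        value.split()[0]
        for name, _, value in (line.partition(":") for line in header_lines)
        if name.strip().lower() == "www-authenticate" and value.strip()
    ]
    if status == 401 and schemes:
        # The browser sees the challenge itself and shows its own dialog box.
        return "browser", schemes
    finder = _PasswordFieldFinder()
    finder.feed(body)
    if finder.found:
        # Only the page knows this is a login; the browser just submits a form.
        return "form", []
    return "none", []
```

A result of `("browser", ["Negotiate", "NTLM"])` corresponds to the built-in dialog boxes shown above, while `("form", [])` corresponds to a password field rendered by the page itself.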

...