• Created by Unknown User (mattlangston), last modified on Dec 19, 2004

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Introduction

Many users are familiar with SSL encrypted web pages that ask them for their username and password to log into a web site. Web browsers use visual cues such as a gold lock to indicate to users that their username and password will be transmitted securely over the Internet. For example, this is what Wells Fargo Bank customers see in the lower right hand corner of the FireFox 1.0 browser when they log into their account:

Although SSL is widely used to allow users to securely log into a web site, it is not the only method that modern browsers support. Another method, which is just as seccure, is called Interated Windows Authentication (hereafter called IWA). Most web browsers (all versions of Internet Explorer, and recent versions of Gecko-based browsers such as FireFox 1.0) support IWA.

Whereas SSL uses visual cues to indicate to the user it is safe to type your password, IWA has no such visual cues. Some users have recently raised valid concerns that there are no visual cues for GLAST web pages that use IWA, so this article is an attempt to reassure those users that IWA is a secure way to authenticate a user to a web server over the internet.

How IWA works

Web browsers use a dialog box to prompt the user for their username and password. Here are the dialog boxes used by Internet Explorer 6.0 and FireFox 1.0:

Internet Explorer 6.0

FireFox 1.0

It is important to the user that they trust the web site they are sending their credential to, which is why the dialog boxes. In the dialog boxes above, it is clear to the user that they are connecting to the web site http://glast-ground.slac.stanford.edu/

While SSL visual cues are convenient, they don't remove the responsibility from the user of trusting the web server they are sending their credentials to.

aren't necessary. It is imporant to Browsers use the same

introduces IWA to users, and

The Windows web server called Internet Information Servies version 6 (hereafer referred to as IIS) has the ability to authenticate users using something called Interated Windows Authentication (hereafter called IWA, formerly called NTLM in previous versions of IIS). IWA is a secure method for users to prove to an IIS web server that they are who they say they are.

Although SSL is widely used to allow users to securely log into a web site, it is not the only method that modern browsers support. is well known, Web browsers such as Internet Explorer and Forefix 1.0 include support IWA.

for This is a secure that comes wth

  • No labels