Best solution to authorize that a user is only allowed to modify/act with...
Background: Currently in the process of building out a REST API, using node w/express and it is consumed by a mobile app and eventually a (modern browser based) website. I’m trying to identify the best...
Overarching term for 'authentication' and 'authorization'?
The internet is rife with ‘authentication vs. authorization’-type questions. I’m not asking that here. I’m wondering if there is some overarching term that encompasses both of these. I’ve seen...
Authorization on complex ownership
I have a problem with object ownership in my web application. In my web application, there are object types: 1. Faculty 2. Student 3. Student Group 4. Student Lesson The following user roles are...
Who's been accessing my computer with TeamViewer? Tracking through UUID
So here I am, sitting at my computer screen on the one day of the week I stayed home from work, checking messages on my phone, when out the corner of my eye I see a browser page being opened. It was...
Use OpenId Connect for authentication only
OpenId Connect adds authentication to the OAuth2 protocol. OAuth2 is a protocol used for authorization. But what if I’m only interested in authenticating a user? After reading up on OpenId Connect, it...
Problem when extracting the structure of DB2 (Back up Structure)
I want to extract the structure of a 9.7 DB2 database to use to clone it but some of the authorization statements are missing afterwards: I tried something like this: db2look -d dbName -a -x -o...
OAuth2 client registration: should redirect_uri be unique across clients?
When operating an OAuth2 Authorization Server: The authorization server MUST require the following clients to register their redirection endpoint: o Public clients. o Confidential clients utilizing the...
Securing ASP.net web api (REST)
I am developing a middle-ware web service app (REST) using asp.net mvc-4 web api. The rest services are consumed by android, ios, angularjs client apps. Same user is able to use multiple platforms at the...
mobile number authorization strategy using SMS, best pattern and practices
In recent years, mobile number has become an important factor for authentication and hence more and more enterprises employ methods to capture their users’ mobile numbers using SMS. In a typical...
OAuth2 and Authentication
I see a lot of confusion about OAuth2 and Authentication so I created this question in the hope to clear some of the confusion. So, let’s talk about the following points : What is the difference...