💾 Archived View for jb55.com › ward.asia.wiki.org › authentication-resources captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
We list and maybe even review authentication systems and interfaces that will show the range of what might be expected of wiki in diverse circumstances.
Scott Motte's Email only authentication as an open-source authentication alternative to traditional username/password authentication. osb video
Jesse Hallett says, Almost every web application relies on cookies to authenticate each request after the user logs in. Cookies are vulnerable to cross-site request forgery and session hijacking. It is time to explore better, more secure alternatives that are now possible thanks to practical in-browser cryptography. osb talk
JSON Web Token (JWT) is a JSON-based open standard for passing claims between parties in web application environment. The tokens are designed to be compact, URL-safe and usable especially in web browser single sign-on context. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes. wikipedia
Frankie Sardo writes about using JSON tokens to authenticate a single page application. blog
Tim McLean writes about critical vulnerabilities in JSON Web Token libraries. blog
Paul Kinlan on Credential Management API including demo and code. blog
Authentication schemes are only safe when credentials are passed securely, for example using SSL. Having a free Certificate Authority, like Let's Encrypt, will act as an enabler both to the adoption of SSL and authentication schemes like WebID, and IndieCert, which rely on SSL.