JavaAuthentication and AuthorizationService , or JAAS , pronounced Jazz , is a Java programming language Java security framework for user centric security to augment the Java code based security. clarify date February 2012 Since Java Virtual Machine Java Runtime Environment 1.4 JAAS has been integrated with the JRE previously JAAS was supplied as an extension library by Sun. JAAS s main goal is to separate the concerns of user authentication so that they may be managed independently. JAAS introduces a new term to the security architecture of the Java platform as an additional layer for the verification. While the former authentication mechanism contained information about where the code originated from and who is the signer of the code snippet, the latter platform adds a marker about who runs the code. By extending the verification vectors JAAS extends the security architecture for Java applications that require authentication and authorization modules. Administration For the system administrator, JAAS consists of two kinds of configuration file .login.conf specifies how to plug vendor ... 0913 jaas.html All that JAAS Java World Authentication APIs Category Java platform Category Java APIs Category Computer access control compu prog stub computer security stub ca JAAS cs JavaAuthentication and AuthorizationService de JavaAuthentication and AuthorizationService es JAAS fr JavaAuthentication and AuthorizationService ko JAAS nl JavaAuthentication and AuthorizationService pt JavaAuthentication and AuthorizationService zh JAAS ... how different authentication mechanisms are to be run to authenticate the user PetShopApplication ... of credentials Subject a login service that will invoke your application callbacks to ask the user things like username and password. It returns a new Subject a service that tests if a Subject ..., checks their response and generates a Subject . See also Pluggable Authentication Modules PAM ... more details
about Central AuthenticationService Community AuthorizationService Globus toolkit The Central AuthenticationService CAS is a single sign on protocol for the World Wide Web web . Its purpose is to permit a user to access multiple applications while providing their credentials such as userid and password only once. It also allows web applications to authenticate users without gaining access to a user s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol. Description The CAS protocol involves at least three parties a client web browser, the web application requesting authentication, and the CAS server . It may also involve a back end service , such as a database server, that does not have its own HTTP interface but communicates with a web application. When the client visits an application desiring to authenticate to it, the application redirects it to CAS. CAS validates the client s authenticity, usually by checking a username and password against a database such as Kerberos protocol Kerberos or Active Directory . If the authentication succeeds, CAS returns the client to the application, passing along a Ticket IT security ... authentication via Proxy server proxy address . A cooperating back end service, like a database or mail ... 29 9 Central AuthenticationService CAS consumer provider software for http www.web2py.com web2py ... Java platform software Category Free security software Category Computer access control protocols Category Access control software security software stub de Central AuthenticationService fr Central AuthenticationService sv Central authenticationservice ... and providing its own service identifier and the ticket. CAS then gives the application trusted ... 2.0 introduced multi tier proxy authentication. Several other CAS distributions have been developed with new features. In December 2004, CAS became a project of the Java Architectures Special Interest ... more details
Internet AuthenticationService IAS is a component of Windows Server operating systems that provides centralized user AAA protocol authentication, authorization and accounting . Overview While Routing and Remote Access Service RRAS security is sufficient for small networks, larger companies often need a dedicated infrastructure for authentication. RADIUS is a standard for dedicated authentication servers. Windows 2000 Server and Windows Server 2003 include the Internet AuthenticationService IAS , an implementation of RADIUS server. IAS supports authentication for Windows based clients, as well as for third party clients that adhere to the RADIUS standard. IAS stores its authentication information ... AuthenticationService IAS . NPS performs all of the functions of IAS in Windows Server 2003 for VPN ... AuthenticationService was included with the Windows NT 4.0 Option Pack. Windows 2000 Server s implementation ... library bb742380.aspx Internet AuthenticationService for Windows 2000 ref It also added support for EAP Authentication for IEEE 802.1x networks. Later on it added PEAP with service Pack 4 . Windows Server ... External links http www.microsoft.com ias Internet AuthenticationService on Microsoft TechNet http technet.microsoft.com en us library cc783725 WS.10 .aspx Deploying Internet AuthenticationService IAS in Windows 2003 http technet.microsoft.com en us library cc977950.aspx Internet AuthenticationService in the Microsoft Windows 2000 Resource Kit http www.tcs.auckland.ac.nz james wlan logging ... Category Computer access control es Internet AuthenticationService ru Internet AuthenticationService ... over the standard methods of RRAS authentication. These advantages include centralized authentication ... forest authentication for Active Directory user accounts in other Forests that the IAS server s Forest ... a feature in IAS since NT4 , support for IEEE 802.1X port based authentication, and other features. ref ... 1035 6148560.html How to self sign a RADIUS server for secure PEAP or EAP TTLS authentication http ... more details
Orphan date September 2010 technical date December 2010 Pluggable Authentication Services PAS allows SAP ERP SAP user to be authenticated outside of SAP. When the user is authenticate by an external service, the PAS will issue an SAP Logon Ticket or x.509 Certificate which will be used for future authentication into SAP systems. The PAS is generally regarded as an opportunity for companies to either use a new external authentication system or an existing external authentication system. In some cases, the PAS is used with an external single sign on system that uses SAP Logon Ticket s or x.509 certificates ref http www.itsecuritystandard.com blog ?p 1612 Single Sign On Technology for SAP Enterprises What does SAP have to say? ref . External Authentication Systems Windows NT LAN Manager Authentication Windows NT domain controller i.e., User ID and password verification Binding LDAP to a directory server Authentication using the Secure Sockets Layer SSL protocol and x.509 certificates HTTP header variables mapping userIDs Authentication mechanism through the AGate Prerequistes One system must be configured as the ticket issuing system. Other SAP systems must be configured to accept logon tickets and therefore preconditions for logon ticket configuration or non logon ticket configuration, such as certificate, must be met prior . Usage of Secure Network Communications because authentication occurs externally. Ticket issuing SAP system must be able to recognize user s ID. ref http help.sap.com saphelp nw04 helpdata en 4f bd2c3a11f3bf31e10000000a11402f content.htm Pluggable Authentication Services for External Authentication ref See Also single sign on Secure Network Communications SAPgui SAP Logon Ticket External links http www.darkreading.com security monitoring security management showArticle.jhtml?articleID 227500483& requestid 100785 comments Pluggable Authentication Services for External Authentication Mechanisms References reflist Category Software ... more details
Orphan date February 2009 CASA is an open source component infrastructure for securely storing credential and other confidential data that can be used for authentication, single sign on SSO and other purposes by users, services and applications on a desktop or server operating system. Features Open Source and part of the SUSE distribution Also available on Windows . Credential service for Enabling applications to single sign On. Leverages the Desktop identity and login for access control. Scalable and fault tolerant. Cross platform support Linux, and Windows . Supports managing multiple identity repositories GKring, KWallet, FireFox Password Manager . Provides a storage vault for credentials and secrets. Supports multiple authentication schemes. Forward compatible. Network Authentication component is token based. Provides the ability for a single point of management for multiple credential stores. Supports session based or presistant storage for credentials. Supports sharing of credentials. Supports linking of credentials among different stores. CASA is Not A Network or desktop login infrastructure. Mechanisms APIs for changing and setting passwords in applications. Application login policy enforcer Novell ships the Common Authentication Service Adapter CASA Pluggable Authentication Modules PAM module with its Linux desktop and server products. In a default installation, the CASA PAM Module Linux module is configured for use with the XDM, GDM, login, and SSH services. Bandit Project CASA http www.bandit project.org index.php Common Authentication Services Adapter CASA Category System administration linux stub ... more details
Unreferenced date December 2009 Orphan date December 2009 Commented out Image Oki logo.png right The Authentication Open Service Interface Definition OSID is an O.K.I. specification which supports invoking an authentication process. OSIDs are programmatic interfaces which comprise a Service Oriented Architecture for designing and building software reusability reusable and interoperable software . The implementation of this service is responsible for gathering whatever information is appropriate to perform authentication. This service also supports testing if a user is authenticated, returning the Agent OSID Agent identity that corresponds to the authenticated user. The OSIDs can interact with information and resources over which some form of access control is required. Authentication, Agent OSID Agent , and Authorization OSID Authorization work together where Authentication ensures interactions are at the request of an identified user and Authorization reports what the identified user can do. See also Open Service Interface Definitions Open Knowledge Initiative Known Authentication OSID Providers Kerberos protocol Kerberos Authentication System Password X.509 Category Software architecture ... more details
The Java Transaction Service JTS is a specification for building a Transaction processing transaction manager that maps onto the Object Management Group OMG Object Transaction Service OTS used in the Common Object Request Broker Architecture CORBA architecture. It uses General Inter ORB Protocol IIOP to propagate the transactions between multiple JTS transaction managers. See also Java programming language Java programming language Additional Resources See http java.sun.com javaee technologies jts Sun s JTS description . Category Java enterprise platform Transaction service de Java Transaction Service ko pt Java Transaction Service zh Java ... more details
Unreferenced date December 2009 Commented out Image Oki logo.png right The Authorization Open Service Interface Definition OSID is an O.K.I. specification which provides the means to define who is authorized to do what, when. OSIDs are programmatic interfaces which comprise a Service Oriented Architecture for designing and building software reusability reusable and interoperable software . Authorizations associate Agent OSID Agents , which represent the user or another actor in the system, with Functions and Qualifiers . One can think of Authorization in terms of a grammar where an Agent OSID Agent is a noun , Functions are operations or verbs , and Qualifiers are objects of the Instruction computer science operation . An authorization can then be read as a sentence. For example, Jeff an Agent can write checks a Function on the Department account a Qualifier . Since a system may have many Qualifiers they might be represented using a Hierarchy OSID Hierarchy . For example, the Software Engineering Department account a Qualifier can have sub accounts for Web Development another Qualifier and Database Development a third Qualifier . If Jeff our Agent is explicitly authorized to write checks the Function on the Software Engineering account the explicitly stated Qualifier , he is implicitly authorized to write checks on the Web and Database Development accounts. An Agent in the Authorization OSID is represented using a unique identifier which can be examined via the Agent OSID . See also Open Service Interface Definitions Open Knowledge Initiative Category Software architecture ... more details
Refimprove date July 2009 The Java Message Service JMS Application Programming Interface API is a Java programming language Java Message Oriented Middleware MOM API ref Curry, Edward. 2004. http www.mendeley.com .... URI scheme RFC 6167 defines a tt jms tt URI scheme for the Java Message Service. Provider implementations ... Service http java source.net open source jms Review Open Source JMS implementations http www.manageability.org ... Framework DEFAULTSORT Message Service Categories Category Java enterprise platform Category Java specification requests Category Message oriented middleware Interwikis ca Java Message Service cs Java Messaging Services da JMS de Java Message Service es Java Message Service fr Java Message Service ko it Java Message Service lt JMS hu Java Message Service nl Java Message Service ja Java Message Service pl Java Message Service pt JMS ro Java Message Service ru Java Message Service sv Java Message Service uk Java Message Service zh Java ... between two or more Client computing clients . JMS is a part of the Java Platform, Enterprise Edition , and is defined by a specification developed under the Java Community Process as JSR 914. ref ... standard that allows application components based on the Java Enterprise Edition JEE to create ..., and asynchronous. ref name oraclejms http www.oracle.com technetwork java jms index.html Java Message Service JMS ref General idea of messaging See also Message oriented middleware Message passing Messaging ... Broker Architecture CORBA or Java remote method invocation RMI by the introduction of an intermediary ... 2013. Under Java Community Process JCP development as Java Specification Request JSR 343 Elements ... a Java JMS implementation or an adapter to a non Java MOM. JMS client An application or process that produces ... the subscriber is not connected will be redistributed whenever it reconnects. Using Java, JMS provides .... The same Java Class computer science classes can be used to communicate with different JMS providers ... more details
Authentication and AuthorizationService Kerberos protocol Kerberos Multi factor authentication Needham ... to establish the identity of an originator or receiver of information. Authentication vs. authorization The process of authorization is distinct from that of authentication. Whereas authentication ... that you are permitted to do what you are trying to do . Authorization thus presupposes authentication ... though authorization cannot occur without authentication, the former term is sometimes used to mean the combination of both. To distinguish authentication from the closely related authorization , the short hand notations A1 authentication , A2 authorization as well as AuthN AuthZ AuthR or Au Az are used ... One familiar use of authentication and authorization is access control . A computer system that is supposed .... See also top Access Control Service Athens access and identity management Atomic AuthorizationAuthentication OSID Authenticity in art Authorization Basic access authentication Biometrics CAPTCHA ...For other uses of the terms authentication , authentic and authenticity Authenticity disambiguation Authenticity Refimprove date September 2010 cleanup reason Discusses only entity authentication and no other aspects of authentication regarding communication security. Authentication methods and History ... 2010 Authentication from Lang el real or genuine, from authentes author ... is what its packaging and labeling claims to be. Authentication methods Main Provenance In art ... of history. There are three types of techniques for doing this. The first type authentication is accepting ... and the object under assessment as his artifact respectively. The second type authentication .... Certificates can, however, also be forged and the authentication of these pose a problem. For instance ..., depending on the risk of getting caught. The third type authentication relies on documentation or other .... Currency and other financial instruments commonly use the first type of authentication method ... more details
service directory lookups, which are protected using single factor authentication, for authorization ...Atomic authorization is the act of securing authorization rights independently from the intermediary applications that utilize them and the parties to which they apply. ref http mason.gmu.edu jdilles AtomicAuthorization2.pdf Retrieved 16 July 2009 ref More formally, in the field of computer security , to atomically authorize is to define policy that permits access control access to a specific resource, such that the Authentication authenticity of such policy may be independently verified without reliance the computer application application that enforces the policy or the individuals who utilize the application. Resources include access to individual data , computer computer program programs , computer Computer hardware hardware , computer computer network networks , and physical security physical access . wiktionary Traditional vs. atomic authorization In traditional non atomic authorization, policy is defined and secured at an application level. That is, outside the context of the application, there is no mechanism to verify the legitimacy of traditional authorization policy. Atomic authorization requires a trusted third party to issue authorization policy with a cryptographic Digital Signature guarantee of integrity . Because it is secured independently of the application which utilizes it, atomic authorization policy is equivalent in strength to Authentication factor Strong authentication strong authentication policy. For an application using strong Authentication factor Authentication factors and identity N factor authentication, traditional authorization techniques pose ... authorization methods increases the complexity of identity management and issuing credential s, but does not further legitimize the authorization decisions that the application makes. See also Security engineering Computer security Authentication Access control References references computer security ... more details
Context date October 2009 Access Authentication in CDMA networks a.k.a. CAVE based Authentication IS 95 1xRTT , A12 Authentication 1xEV DO Authentication of a mobile device by the serving access network. The access authentication mechanism employed depends upon the type of service being used CAVE based Authentication Used for access authentication in CDMA 1xRTT Authentication and Key Agreement AKA 3G successor to CAVE based authentication A12 Authentication Used for access authentication in 1xEV DO Note that 1xEV DO Hybrid MS AT devices may employ both CAVE based and A12 authentication since these devices connect to both the 1xRTT and 1xEV DO networks. Category Code division multiple access ... more details
Unreferenced date January 2007 Electronic authentication E authentication is the process of establishing confidence in user identities electronically presented to an information system . E authentication presents a technical challenge when this process involves the remote authentication of individual people over a network, for the purpose of electronic government and commerce. E Authentication Model E authentication is the process of establishing confidence in user identities electronically presented ... is authorized to perform an electronic transaction. In most cases, the authentication and transaction ... may be limited and access control decisions may take this into account. E authentication begins ... a subscriber of a Credential Service Provider CSP and, as a subscriber, is issued or registers ... that the RA has verified. The token and credential may be used in subsequent authentication events ... successfully demonstrates possession and control of a token in an on line authentication to a verifier through an Challenge handshake authentication protocol authentication protocol , the verifier can ... the authenticated information provided by the verifier CSP to make access control or authorization decisions. Subscribers, RAs and CSPs In the conceptual e authentication model, a claimant in an authentication ... that may be used to authenticate the claimant s identity. In e authentication, the claimant authenticates to a system or application over a network. Therefore, a token used for e authentication ... key and learn the password to use the token. Authentication systems are often categorized by the number of factors that they incorporate. The three factors often considered as the cornerstone of authentication ... the subject of the credentials. When these paper credentials are presented in person, authentication ... authenticates his or her identity to a verifier by the use of a token and an authentication ..., with no knowledge of the token before the authentication protocol run, learns nothing about the token ... more details
cite paper author Farrell, S. Housley, R title An Internet Attribute Certificate Profile or Authorization ... attributions. For example, an authorization certificate issued for Alice authorizes her to use a particular service. Alice can delegate this privilege to her assistant Bob by issuing an AC for Bob s PKC. When Bob wants to use the service, he presents his PKC and a chain of ACs starting from his own AC issued by Alice and then Alice s AC issued by the issuer that the service trusts. In this way, the service can verify that Alice has delegated her privilege to Bob and that Alice has been authorized to use the service by the issuer that controls the service. RFC 3281, however, does not recommend ... the effort and there is little use of AC in the Internet. Usage To use a service or a resource that the issuer of an AC controls, a user presents both the PKC and the AC to a part of the service ... key in the PKC. If the authentication is successful, the verifier will use the preinstalled public ... additional checks before offering the user a particular level of service or resource usage in accordance ... service. For example, a company gives one of its employees a company wide AC that specifies engineering ... data above. Benefits Using attribute certificate, the service or resource host network host does not need ... of capability based security capabilities in which the permission or permissions to use a service or resource is not stored in the service or resource itself but in the users using a tamper resistance ... more details
Unreferenced stub auto yes date December 2009 Authentication servers are Server computing server s that provide authentication services to user computing users or systems other systems via networking. Remotely placed users and other servers authenticate to such a server, and receive cryptographic tickets. These tickets are then exchanged with one another to verify digital identity identity . Authentication is used as the basis for authorization determining whether a privilege will be granted to a particular user or process computing process , privacy keeping information from becoming known to non participants , and non repudiation not being able to deny having done something that was authorized to be done based on the authentication . The major authentication algorithm s utilized are password s, Kerberos protocol Kerberos , and public key encryption . See also TACACS RADIUS Multi factor authentication DEFAULTSORT Authentication Server Category Computer network security Category Servers computing Compu network stub ... more details
parameter to the MAIL FROM command, so as to allow to distinguish authentication from authorization ... Klensin John C. Klensin , April 2006. RFC 4422, Simple Authentication and Security Layer SASL , Alexey Melnikov and Kurt D. Zeilenga, June 2006. RFC 4954, SMTP Service Extension for Authentication ...SMTP Authentication , often abbreviated SMTP AUTH , is an extension of the Simple Mail Transfer Protocol whereby an SMTP client may log in , using an authentication mechanism chosen among those supported by the SMTP server. The authentication extension is mandatory for Mail submission agent submission ... services provided by the same Internet service provider ISP supplying the connection, or else using ... in 1995 ref cite web url http tools.ietf.org html draft myers smtp auth 00 title SMTP Service Extension for Authentication author John Gardiner Myers date April 1995 publisher IETF accessdate 2010 05 ... protocol, Extended SMTP ESMTP , and Simple Authentication and Security Layer SASL . An older SASL mechanism for ESMTP authentication ESMTPA is CRAM MD5 , and uses of the MD5 algorithm in HMAC s hash based message authentication codes are still considered sound. ref cite web url http tools.ietf.org ... extensions, SMTP AUTH is advertised in the EHLO response, along with a list of supported authentication ... S 250 AUTH GSSAPI DIGEST MD5 PLAIN C AUTH PLAIN dGVzdAB0ZXN0ADEyMzQ S 235 2.7.0 Authentication ... that imply relaying unless authentication credentials have been accepted. The specification recommends that servers issue 530 5.7.0 Authentication required in response to most commands in case the server is configured to require authentication and the client hasn t done it yet. Only servers listening .... While the authentication doesn t need to vary, once established, different messages may be sent according to different agreements and hence require different authorization. For example, messages may ... to grant relay privileges. Standards RFC 3207, SMTP Service Extension for Secure SMTP over Transport ... more details
authorization in connection with a customer s purchase of self service gasoline at the pump using ...Refimprove date April 2010 Authorization hold also card authorisation , preauthorization , or preauth ... card s, authorization holds can fall off the account thus rendering the balance available again ... based credit and debit card transactions are a two step process, consisting of an authorization and a settlement ... available credit will immediately decrease to 70. This is because the merchant has obtained an authorization ... an authorization from the individual s bank by swiping the card through its credit card terminal ... the funds in question. However, unless this authorization hold expires without being finalized ... an authorization hold An authorization hold can be canceled by the merchant if the merchant uses an acquirer that supports a process known as authorization reversal. Different acquirers place different restrictions on the conditions that must be met for the merchant to make an authorization reversal ... authorization. In cases where the merchant cannot perform a reversal, but wishes to cancel the authorization it is typical that the merchant would contact the acquirer by telephone. Confusion in online banking When viewing an online banking website, authorization holds often appear in the pending transactions section of the balance sheet. As stated above, authorization holds only last for a fixed ... only kept that authorization hold in place for 1 business day, then the individual would see the funds ... within that first day, the authorization hold would fall off and the funds would appear to be available ... may not be taking into account transactions for which the authorization hold has fallen off. This creates ... at http www.bbcshop.com scat faq. ref Rarely, banks will remove authorization holds with a verbal or for larger ... such as the cardholder s name, card number, authorization number and transaction amount. Due ... with the bank. Holds for differing amounts Another issue that occurs on a regular basis with authorization ... more details
people to access. The E Authenticationservice enables you to get access to government services online ...Refimprove date December 2007 E authentication is a shorthand for electronic authentication . Authentication ... to support e authentication is regarded as an important component in successful e Government. ref http www.agimo.gov.au infrastructure authentication Australian Government Information Management Office . ref Poor coordination and poor technical design might be major barriers to electronic authentication ... there has been established nationwide common e authentication schemes to ease the reuse of digital ... e auth v07.pdf An overview of International Initiatives in the field of Electronic Authentication ... for electronic authentication, in order to establish common levels of trust and possibly interoperability between different authentication schemes. ref http www.finance.gov.au e government security and authentication Australia , http e com.ic.gc.ca epic site ecic ceac.nsf en h gv00090e.html Canada , http www.whitehouse.gov omb memoranda fy04 m04 04.pdf US M04 04 . ref In the US E Authentication ... credential issuers such as Web sites and digital certificate issuers , E Authentication is providing .... E Authentication is a government wide partnership that is supported by the agencies that comprise ... agency partner. E Authentication works through an association with a trusted credential issuer, making it necessary for the user to login into the issuer s site to obtain the authentication credentials. Those credentials or E Authentication ID are then transferred the supporting government web site causing authentication. E Authentication was created in response of an inter governmental memorandum ... and agencies when implementing E Authentication. See also E democracy E participation E Government Unit Electronic authentication Electronic services delivery eRulemaking Online consultation Online ... US government E Authentication Web Site http www.whitehouse.gov omb memoranda fy04 m04 ... more details
about the Indonesian island Infobox islands name Java image name Java Topography.png image caption Topography of Java locator map JavaLocatie 1 .png native name Jawa native name link Indonesian language ... Banten , br Jakarta Jakarta Special Capital City District , br West Java , br Central Java , br East Java , br Yogyakarta Yogyakarta Special Region country largest city Jakarta country ... , Sundanese people Sundanese inc. Baduy , Betawi people Betawi , Madurese people Madurese Java lang ... of Madura which is administered as part of the provinces of Java , Java is the world s most populous island, and one of the most densely populated places on the globe. Java is the home of 60 ... on western Java. Much of Indonesian history took place on Java. It was the center of powerful ... colonial Dutch East Indies . Java was also the center of the Indonesian National Revolution Indonesian struggle for independence during the 1930s and 40s. Java dominates Indonesia politically, economically and culturally. Formed mostly volcanic island as the result of volcanic eruptions , Java ... 60 million people in Indonesia, most of whom live on Java. Most of its residents are multilingualism ... of the people of Java are Muslim , Java has a diverse mixture of religious beliefs, ethnicities, and cultures. Java is divided into four provinces, West Java , Central Java , East Java , and Banten ... of the name Java are not clear. One possibility is that the island was named after the Foxtail ... to Indianization the island had different names. ref Raffles, Thomas E. The History of Java . Oxford ... of Java . Oxford University Press, 1965 . Page 3 ref And, in Sanskrit yava means barley, a plant for which ..., the island of Java, in search of Sita . ref http books.google.co.id books?id 9ic4BjWFmNIC&pg PA465 ... that the Java word is derived from a Proto Austronesian language Proto Austronesian root word, meaning ... of Java in Other Javas away from the kraton. pp. 1 32. ref Geography Image Semeru Bromo Temple.JPG ... more details
BSD Authentication , otherwise known as BSD Auth, is an authentication software framework framework and software API employed by some Unix like operating system s, specifically OpenBSD and BSD OS , and accompanying System software system and Application software application software such as OpenSSH and Apache HTTP Server Apache . It originated with BSD OS and although the specification and implementation were donated to the FreeBSD project by BSDi , ultimately OpenBSD chose to adopt the framework in release 2.9. Pluggable Authentication Modules PAM serves a similar purpose on other operating systems such as Linux , FreeBSD and NetBSD . BSD Auth performs authentication by executing scripts or programs as separate Process computing process es from the one requiring the authentication. This prevents the child authentication process from interfering with the parent except through a narrowly defined inter process communication API, a technique inspired by the principle of least privilege and known as privilege separation . This behaviour has significant security benefits, notably improved Fail safe fail safeness of software, and robustness against malicious and accidental software bug s. ref name privsep cite conference author Niels Provos , CITI, University of Michigan Markus Friedl, GeNUA mbH Peter Honeyman, CITI, University of Michigan date 2003 url http www.usenix.org events sec03 tech provos et al.html title Preventing Privilege Escalation booktitle Proceedings of the 12th USENIX Security Symposium pages 231 242 ref PAM uses an alternative system where the modules providing authentication are Library computer science dynamically linked into the requesting process. This method ... separation without additional configuration. See also Name Service Switch References div class ... Authentication system man 3 bsd auth OpenBSD interface to the BSD Authentication system Category Berkeley Software Distribution Category Computer access control frameworks Category Unix authentication ... more details
www.eyrie.org eagle software pam krb5 PAM KRB5 ref See also BSD Authentication Identity management JavaAuthentication and AuthorizationService Linux PAM Name Service Switch OpenPAM Single sign on References ...refimprove date May 2011 Pluggable authentication modules PAM are a mechanism to integrate multiple low level authentication schemes into a high level application programming interface API . It allows programs that rely on authentication to be written independent of the underlying authentication scheme. PAM was first proposed by Sun Microsystems in an Open Software Foundation Request for Comments RFC 86.0 dated October 1995. It was adopted as the authentication framework of the Common Desktop Environment ... reasons, OpenBSD has chosen to adopt BSD Authentication , which is an alternative authentication framework, originally from BSD OS . Criticisms of PAM Despite PAM being part of the X ... for a PAM module to request a Kerberos protocol Kerberos service ticket from a Kerberos ... the user for credentials and are only used for initial login in an SSO environment. To fetch a service ... must be specifically coded to support Kerberos, as pam krb5 cannot itself get service tickets ... API, as used by FreeBSD and NetBSD http jpam.sourceforge.net Java PAM bridge http sharvil.nanavati.net ... http www.linuxjournal.com article 2120 Pluggable Authentication Modules for Linux http www.informit.com articles article.aspx?p 20968 Making the Most of Pluggable Authentication Modules PAM Authentication APIs Category Open Group standards Category Unix authentication related software Category Computer ... interfaces security software stub cs Pluggable Authentication Modules de Pluggable Authentication Modules es Pluggable Authentication Modules fr Pluggable Authentication Modules it Pluggable authentication modules pl Pluggable Authentication Modules pt Pluggable Authentication Modules ru Pluggable Authentication Modules ... more details
An Authorization to Carry is a permit issued by the government of Canada allowing holders of Restricted and Prohibited class firearms to carry them in Canada. Under this permit, the approved firearms may be carried on the permit holder s person, concealed or unconcealed, loaded or unloaded. This permit is less common than the Authorization to Transport permit which allows secured and trigger lock ed transport of Restricted and Prohibted class firearms in an unloaded state. See also Gun politics in Canada Chief Firearms Officer External links http www.cfc cafc.gc.ca form formulaire default e.asp RCMP Information Sheet Application for an Authorization to Carry Restricted Firearms and Prohibited Handguns http www.canlii.org en ca laws regu sor 98 207 latest sor 98 207.html Federal Statutes and Regulations SOR 98 207 Category Canadian law Category Firearm laws Canada law stub ... more details
also called marketing authorization equivalent product license . This process is performed within ... where a marketing authorization already granted may be withdrawn, suspended or revoked. ref name name ... 3 ref The application for marketing authorization is called New Drug Application NDA in the USA or Marketing Authorization Application MAA in the European Union and other countries, or simply registration ... . Procedures for obtaining a marketing authorizationAuthorization processes follow either a purely ... routes, presentations, as well as any variations changes to the existing marketing authorization and extensions shall also be granted an authorization or be included in the initial marketing authorization, being subject of an abridged application. ref Directive 2001 83 EC of the European ... is to be given to application for authorization of biological products and biotechnology products ... authorization is valid for a period of 5 years. After this period, one should apply for renewal of the marketing authorization, usually by providing minimal data proving that quality, efficacy and safety ... favourable. However, in the European Union, after one renewal, the marketing authorization shall remain .... 34. ref If the marketing authorization is not renewed in a due time as requested by the local legislation, in order to maintain the pharmaceutical product on a market, one can apply for re authorization ... necessary for a full application. Marketing authorization may be withdrawn, suspended, revoked or varied ... are not as currently declared. Marketing authorization may be also withdrawn, suspended or revoked if the marketing authorization holder or its representative does not fulfill other legal or regulatory .... Also, the marketing authorization is withdrawn in the EU if the product is not placed on the market within next 3 consecutive years after granting of authorization or if it is no more marketed for 3 ... more details
Norway during World War II The Elverum Authorization lang no Elverumsfullmakten allowed the Norwegian executive branch to temporarily and legitimately assert absolute monarchy absolute authority while removed from the capitol, Oslo . The action was approved unanimously by the Parliament of Norway the Storting on 9 April 1940, in the town of Elverum , in Norway , after the Norwegian royal family , executive branch, and parliament had evacuated Oslo to evade capture by Germany German troops in the course of Operation Weser bung during World War II . ref cite web url http mediabase1.uib.no krigslex e e2.html elverumsfullmakten title Elverum Authorization accessdate 2008 08 28 work publisher NorgesLexi.com date language Norwegian ref Text The authorization reads, in translated form cquote The Storting authorizes the Government, until the time comes when the Government and the presidency of the Storting is able to confer and assemble the Storting to its next ordinary session, to maintain the interests of the realm and make those decisions and determinations on behalf of the Storting and Government, that are considered needed to maintain the country s security and future. Significance The authorization is of historical significance because it allowed the Norwegian executive branch to assert legitimacy &mdash even while in exile. Debate It is also controversial in that it constituted a complete abandonment of the legislative powers in Norway during the war. The issue was brought to the Norwegian Supreme Court , which ruled that the authorization was legitimate and valid. Some critics have claimed that the authorization was never formally put to a vote, and that it in any case was invalid because there was no constitutional basis for the Storting to hand over its functions to the executive branch. These critics also claim that Section 17 which was invoked in the authorization only authorized emergency powers within the areas of trade , customs , economy and police until the Storting ... more details
In the United States Congress , an authorization bill is a proposed public law that permits the federal government to carry out various functions and programs. Authorization bills are generally contrasted with appropriations bill s, which are laws that provide funding for discretionary program s that are already authorized for the federal government to legally carry out an action, it must both be authorized and have money available to fund any expenditures needed to act. References Roger H. Davidson, Walter J. Oleszek, and Frances E. Lee. 2008. Congress and Its Members, 11th ed. Washington, D.C. CQ Press. ISBN 978 0 87289 357 3. See also Anti Deficiency Act money bills US Congress stub Category United States federal legislation ... more details
Encyclopedia
top
