鉴别与授权;验证和授权
Authentication and Authorization security.
认证和授权安全。
At a high level, we apply authentication and authorization rigorously.
在高级别上,我们严格应用身份验证和授权。
You can also set authentication and authorization configuration for XML management.
您还可以为 XML 管理设置身份验证和授权配置。
Most applications need to address the issues of user authentication and authorization.
大多数应用程序需要解决用户的验证和授权问题。
For brevity, this example also omits users and sessions, formatting, and any kind of authentication and authorization.
为了尽量简洁,该例子还省略了用户和会话、格式以及各种身份验证和授权。
Within the deployment descriptor, you can configure specific realms for authentication and authorization.
在部署描述中,可以为身份验证和授权配置特定的领域。
All the clients/servers trust the security server for authentication and authorization of the messages running over the wires in the network.
所有客户端/服务器都依赖安全服务器对在网络上传输的消息进行身份验证和授权。
This gets you firmly into authentication and authorization, as well as very highly customized content.
这为您带来稳定的身份验证和授权,以及高度定制的内容。
Do the services support both authentication and authorization?
服务同时支持身份验证和授权码?
Where appropriate authentication and authorization are not available, then you must resort, frankly, to clever design and procedures to prevent potential problems.
如果无法采用适当的身份验证和授权,那么只能采取巧妙的设计和过程来防止潜在的问题。
This is the action where all the authentication and authorization steps for any particular request are performed.
这是在其中对任何特定请求执行所有身份验证和授权步骤的操作。
This section gives a short overview of authentication and authorization concepts of CM V8, as they will be needed to understand the replication process.
本节简要地概述一下CMV8 中验证和授权的概念,因为这些概念是理解复制过程所需要的。
AAA info file can be used not only for identity mapping, but also for authentication and authorization.
AAA信息文件不仅可用于身份映射,还可以用于身份验证和授权。
These mediations may include any or all of validation, logging, audit, authentication and authorization.
这些中介可以包含任何或全部验证、日志记录、审核、身份验证和授权。
This approach embo***s both authentication and authorization.
这种方法包含了身份验证和授权。
Authentication and authorization are combined together in RADIUS.
在RADIUS 中,验证和授权是组合在一起的。
Authentication and authorization introduce how to design the organizational structure and access control (privileges) data storage/access patterns.
身份验证和授权说明如何设计组织结构和访问控制(特权)数据存储/访问模式。
However, this will not address the need for service-level authentication and authorization.
然而,这不能满足服务层的验证和授权的需求。
In any distributed environment, in order to maintain universal access, consistent authentication and authorization services are a necessity.
在任何分布式环境中,为了提供普遍的访问,都需要一致的身份验证和授权服务。
Where appropriate authentication and authorization are not available, we resort to clever design and procedures to prevent potential problems.
如果没有合适的身份验证和授权,那么只能采取巧妙的设计和过程来防止潜在的问题。
As illustrated in Figure 1, there are four main components in the architecture we proposed to implement the authentication and authorization mechanism in the multi-tenant application.
这个体系结构用于在多租户应用程序中实现身份验证和授权机制,如图1所示,它有四个主要组件。
It provides the consistent authentication and authorization services necessary for universal access.
它为通用访问提供了所需的一致的身份验证和授权服务。
The tiny little authentication and authorization system for this tiny little blog application is now in place.
这个 “微型”博客应用程序的 “微型”身份验证和授权系统现在已经初具雏形。
At a high level, you apply authentication and authorization rigorously.
在高层上,严格应用身份验证和授权。
Security might also be an issue: putting data into S3 means you have to use S3's access control system, which might not fit your authentication and authorization requirements.
安全性也许会成为一个问题:将数据放入S3 中意味着您必须使用S3的访问控制系统,而这个系统可能不能满足您的身份验证和授权需求。
Thus, establishing robust identity management processes to achieve authentication and authorization is one of the key aspects to successfully compile a secure software solution.
因此,必须建立健壮的身份管理过程来实现身份验证和授权,这是成功实现安全的软件解决方案的关键因素之一。
Authentication and authorization concepts have to be carefully designed.
验证和授权这两个概念必须谨慎地加以设计。
There are plug-ins to integrate with a directory, to provide authentication and authorization.
有一些用于与目录相集成的插件,提供验证和授权。
You configure EJB authentication and authorization by defining security roles in the deployment descriptor under which each method executes.
EJB 的身份验证和授权配置方法为:在部署描述符中定义安全角色,每个方法将依据部署描述符执行。
From a business perspective, this request is used to check the user authentication and authorization, which should not be cached.
从业务角度看,这个请求用于检查用户验证和授权,不应该被缓存。
Authentication(身份认证)指验证用户或系统身份真实性的过程,确保其声明的身份合法有效。例如,用户通过输入密码、指纹识别或一次性验证码(OTT)等方式证明自己是账户的合法所有者。这一过程是访问控制的基础,防止未经验证的实体进入系统。常见技术包括多因素认证(MFA)和生物特征识别。
Authorization(授权)指在身份认证成功后,根据用户身份或角色分配其可访问的资源或操作权限。例如,企业系统中管理员可修改数据,而普通员工仅能查看。授权通常通过访问控制列表(ACL)或基于角色的访问控制(RBAC)实现,例如云服务中按角色限制API调用权限。
两者关系上,身份认证是确认“你是谁”,授权是确定“你能做什么”。国际标准如OAuth 2.0协议将两者结合,通过令牌(Token)机制实现安全的权限管理。在金融或医疗系统中,双因素认证与细粒度权限控制常被联合应用以符合合规要求。
参考资料
“Authentication”(认证)和“Authorization”(授权)是计算机安全中的两个核心概念,虽然常被混淆,但功能截然不同:
简记:认证是“验明正身”,授权是“划定权限”。两者共同构建系统安全防线。
【别人正在浏览】