There is an ever-increasing demand to make information and applications available via the World Wide Web. Often, access to these resources must be restricted to a group of authenticated users. The level of rigour and reliability required of the authentication scheme depends on the sensitivity of the resource on offer.
The Department of Engineering at the University of Cambridge has made use of a number of different schemes for various web applications with differing security requirements. It is now working to develop a common authentication framework to support existing and future web applications.
This presentation will discuss the basics of authentication and authorisation
for the Web, present some of the schemes from a technical and from a user perspective,
and will sketch out a possible framework for flexible, consistent authentication.
Michael Gray has been a Computer Officer in the Department of Engineering at the University of Cambridge for five years. He is responsible for a team providing support to research groups in the Department, and has helped introduce Linux as a platform for infrastructure services. Over the last two years he has worked on a number of web applications, now widely used by students and staff, and he is now embarking on the development of a major application to manage student information for a new modular undergraduate course.
Previously he has worked on real-time embedded applications for IT companies in Cambridge and in New Zealand, and is himself a graduate of the Department of Engineering.
