[Biodevelopers] On security models for networked applications

Joe Landman landman at scientificappliance.com
Thu Apr 25 10:42:04 EDT 2002


Folks:

  (I hope others will start posting here as well :))

  I am thinking about security issues for my networked application. 
Specifically how to authenticate a user properly, so a server can trust
the client talking to it is doing so on behalf of the correct user, and
the client can trust that the server it is talking to in fact represents
a valid server for the application, and can authenticate this.

  I haven't read up on things like public key infrastructures or
whatnot.  If someone else has run into this problem before, and is willing
to share some of what they learned, I think that would be valuable to
the list.

  Basically I see the security issue broken up into sections.  

1) transport security:  being able to send data/information without
compromise of the information (generally handled by TLS, SSL, etc)

2) user authentication: being able to verify the identity of the user of
the service

3) server authentication: being able to verify the identity of the
server and service (generally handled by certification authorities and
server certificates).

  I look at each transaction between server and client as needing to be
secure in the sense of the above list (and possibly others I have not
considered).

  Are there any good discussions of this type of security in book or URL
formats?  I am looking for practical examples I can use/learn from.  If
you have any experience with these issues, please feel free to talk
about them here.  

  Thanks again!

Joe
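The three pieces Joe lists above (transport security, user authentication, server authentication) can all be covered by one mutually authenticated TLS connection, and the following Go program shows the whole exchange end to end. It is an added example, not code from the original post or from the Biodevelopers list. It assumes a throwaway CA generated in-process and the made-up names "Example CA", "app.example.test" and "alice"; in a real deployment the CA key lives offline and the server and user certificates are issued from it, not minted at startup. The server listens on a loopback socket, so the program runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue mints a certificate and key for cn. With issuer == nil it is a self-signed CA;
// otherwise issuer signs it for a server (cn is also the DNS name clients check) or a user.
func issue(cn string, issuer *tls.Certificate, server bool) (*tls.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // a real CA uses random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  issuer == nil,
	}
	if tmpl.IsCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		issuer = &tls.Certificate{Leaf: tmpl, PrivateKey: key} // sign with our own key
	} else if server {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn}
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer.Leaf, pub, issuer.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// configs builds both ends of a mutually authenticated connection sharing one CA: the server
// admits only users whose certificate chains to ca, the client only a server issued for serverName.
func configs(ca, server, user *tls.Certificate, serverName string) (*tls.Config, *tls.Config) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	return &tls.Config{
			Certificates: []tls.Certificate{*server},
			ClientAuth:   tls.RequireAndVerifyClientCert, // (2) user authentication
			ClientCAs:    pool,
		}, &tls.Config{
			Certificates: []tls.Certificate{*user},
			RootCAs:      pool, // (3) server authentication, together with ServerName
			ServerName:   serverName,
		}
}

// exchange runs one transaction over a loopback socket and reports the user the server
// authenticated and the server the client authenticated; any failed check errors at the client.
func exchange(serverCfg, clientCfg *tls.Config) (user, server string, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", "", err
	}
	defer ln.Close()
	go func() {
		if raw, err := ln.Accept(); err == nil {
			conn := tls.Server(raw, serverCfg)
			defer conn.Close()
			// Identity comes from the verified certificate, never from the request body.
			if conn.Handshake() == nil {
				fmt.Fprintln(conn, conn.ConnectionState().PeerCertificates[0].Subject.CommonName)
			}
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // handshake and server check
	if err != nil {
		return "", "", err
	}
	defer conn.Close()
	if _, err = fmt.Fscan(conn, &user); err != nil {
		return "", "", err
	}
	return user, conn.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	ca, _ := issue("Example CA", nil, false)
	srv, _ := issue("app.example.test", ca, true)
	alice, _ := issue("alice", ca, false)
	fmt.Println(exchange(configs(ca, srv, alice, "app.example.test")))
}
```

Two settings carry the whole security argument. On the server, ClientAuth must be RequireAndVerifyClientCert: with the default (no client certificate) the server learns nothing about who is calling, and with RequestClientCert alone a client can simply send nothing. On the client, RootCAs together with ServerName is what turns "I got a certificate" into "I am talking to app.example.test"; leaving ServerName unset or setting InsecureSkipVerify defeats item (3) entirely. The same CA-based check rejects a user certificate for "alice" issued by some other CA, and a genuine server certificate presented under a different host name, which is what the checks in the accompanying test exercise.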





