Text entry

HTTP processing

Starting point:

I want to access a secure extranet site of my organisation.

Security includes:

  • use of the HTTPS protocol, with a certificate signed by a public certificate authority
  • use of form-based authentication
  • some session-style authorization after successful authentication
  • requesting the user principal for registered organisational users
  • requesting a password credential associated with the user principal

The simplification I expect is that the HTTP processor offers a simple interface that takes the HTTP URN.

Based on pattern matching against a set of stored HTTP profiles, the processor then identifies that it requires a user/password tuple.

The specific site uses a standard mechanism:

  • is the http session authorized by authentication?
  • if yes, grant access
  • if no, show login form

The login form offers:

  • authentication through a POST form using username/password
  • a forgot-password page, an unprotected page asking for the user id, then asking for the passphrases
  • an unprotected administrator login page, asking for username and password

The initial application should simply grant direct access to certain pages using the username/password/session authentication/authorization.
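A sketch of the profile matching and the session check described above, as an added example that is not part of the original design notes. The profile fields, the host `extranet.example.org`, the paths and the function names are assumptions made for illustration; the match requires HTTPS and an exact host so that stored credentials are only ever offered to the site they belong to.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class HttpProfile:              # hypothetical profile record
    name: str
    host: str                   # exact host the credentials belong to
    path_pattern: str           # regex matched against the URL path
    login_path: str             # target of the POST login form
    requires: tuple             # credential kinds the site asks for

# Constructed sample profile; host and paths are placeholders.
PROFILES = [
    HttpProfile("extranet", "extranet.example.org", r"^/secure/.*",
                "/login", ("username", "password")),
]

def match_profile(url: str) -> Optional[HttpProfile]:
    """Return the stored profile for url, or None if nothing matches."""
    parts = urlsplit(url)
    if parts.scheme != "https":          # never plan a login over plain HTTP
        return None
    host = parts.hostname or ""          # urlsplit lowercases and drops userinfo
    for profile in PROFILES:
        if host == profile.host and re.match(profile.path_pattern, parts.path):
            return profile
    return None

def next_step(url: str, session_authorized: bool, credentials: dict):
    """Decide what the processor does next for a requested URL."""
    profile = match_profile(url)
    if profile is None:
        return ("refuse", None)          # unknown site: send no credentials
    if session_authorized:
        return ("fetch", url)            # session already authorized
    missing = [k for k in profile.requires if not credentials.get(k)]
    if missing:
        return ("ask_user", missing)     # the user/password tuple is needed
    return ("post_login", f"https://{profile.host}{profile.login_path}")
```
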

