18.3. Authorization

Authentication tells you who is connecting, not whether you should accept their connection. Even if you allow someone to connect, you may not want to grant access to all the functions and resources available in an application. Authorization—controlling who can do what—is every bit as important as authentication in creating secure applications. We need to look at two parts of authorization in relation to FlashCom applications. The first is deciding whether a user or process will be allowed to establish a connection to an application instance. The second is controlling access to functions and resources in the instance.

Deciding if someone is allowed to connect and what he can do when you accept his connection is usually determined using one of two schemes. The first and simplest is to use application-wide, role-based authorization. Every user is assigned one or more roles within the application such as administrator, moderator, presenter, or participant. If a user doesn't have at least one role, she can't connect to an application instance. The roles assigned to each user also determine what the user can do within the application. The second and more complex way to control access is to use an access control table. Each record in the table associates a user or group of users with a resource or group of resources and defines the type of access they have to the resource. Access control records—or something like them—are required in larger, more complex applications such as a conferencing system in which access to different conference rooms must be controlled on a room-by-room basis.
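Both schemes described above, modelled in plain JavaScript (FlashCom's Server-Side ActionScript is JavaScript-based) as an added example that is not the book's code: the users, roles, groups, function names and room names are constructed sample data, and the functions `mayConnect`, `mayCall` and `roomAccess` are hypothetical helpers.

```javascript
// Scheme 1: application-wide, role-based authorization. Every user holds zero
// or more roles; all names and roles here are constructed sample data.
const userRoles = {
  alice: ["administrator"],
  bob: ["presenter", "participant"],
  carol: ["participant"],
  dave: [],                      // no role at all: may not connect
};
// Which roles may invoke which server-side functions (hypothetical names).
const functionRoles = {
  startBroadcast: ["administrator", "presenter"],
  muteUser: ["administrator", "moderator"],
  sendChat: ["administrator", "moderator", "presenter", "participant"],
};
// A user may connect only when assigned at least one role.
function mayConnect(user) {
  return (userRoles[user] || []).length > 0;
}
// A user may call a function only when one of their roles is listed for it;
// an unknown function has no entry, so it is denied.
function mayCall(user, fn) {
  const allowed = functionRoles[fn] || [];
  return (userRoles[user] || []).some((r) => allowed.includes(r));
}

// Scheme 2: access control table. Each record ties a user or group to a
// room or group of rooms and names the access granted (constructed data).
const groups = { staff: ["alice", "bob"], guests: ["carol", "dave"] };
const roomGroups = { publicRooms: ["lobby", "room1"] };
const accessControl = [
  { subject: "group:staff", resource: "group:publicRooms", access: "write" },
  { subject: "group:guests", resource: "group:publicRooms", access: "read" },
  { subject: "user:alice", resource: "room:boardroom", access: "write" },
];
// Match "user:x" / "room:x" directly, or "group:g" via the given group table.
function matches(entry, name, table) {
  const [kind, value] = entry.split(":");
  return kind === "group" ? (table[value] || []).includes(name) : value === name;
}
// Highest access any matching record grants, "none" when nothing matches:
// a room with no record is closed to everyone (deny by default).
function roomAccess(user, room) {
  const rank = { none: 0, read: 1, write: 2 };
  return accessControl
    .filter((r) => matches(r.subject, user, groups) && matches(r.resource, room, roomGroups))
    .reduce((best, r) => (rank[r.access] > rank[best] ? r.access : best), "none");
}
```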
