Authentication involves proving the identity of a client and server to each other before exchanging sensitive information.
Possible topics:
- Authentication for web
  - Issues with HTTP authentication (Basic/Digest, TLS, SPNEGO)
  - Web SSO as a "solution" to issues
  - API vs Server/Container
  - Examples / Investigations in Popular Frameworks
  - Reverse Proxies
  - Other "session" considerations (incl. Logout)
- Authentication for non-web
  - TLS
  - OTP over TLS
  - SASL / GSS-API
  - Moonshot
  - Tie to web authentication
- Server Authentication
- Externalizing authentication; what are the concrete development implications, if any?
  - Is it just not assuming a password collection UI?
- From single domain to federated: