Release 10.1A: OpenEdge Getting Started:
Core Business Services
Authentication
Authentication assures that the identity asserted by one entity can be validated as authentic. For example, when a user logs on to an application, the authentication service assures that the user is permitted to access the application and its features. This concept of an identity can be extended from a user to various components of an application distributed across a network that need to communicate securely with one another.
The minimum requirement to authenticate a user is typically some name that uniquely identifies the user (user ID or user name) and a secret key (password) that the user provides to validate the user’s name. If the authentication service can associate the password with the user name, it establishes the user name as a valid user of the application.
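The user name and password check described above, as an added Python example; it is not OpenEdge code and does not show how the OpenEdge RDBMS stores its user list. The service keeps a salted scrypt hash instead of the password, and an unknown user name costs the same work as a known one. `AuthService`, its methods and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example, about 16 MiB per hash)
_SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def _derive(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from the secret key (password) and a salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **_SCRYPT)


class AuthService:
    """Hypothetical user list: user name -> (salt, derived key)."""

    def __init__(self) -> None:
        self._users = {}
        # Dummy record so that unknown names take the same code path
        # (and the same hashing time) as registered ones.
        self._dummy_salt = os.urandom(16)
        self._dummy_key = _derive(os.urandom(16).hex(), self._dummy_salt)

    def register(self, user: str, password: str) -> None:
        if user in self._users:
            raise ValueError("user name must uniquely identify the user")
        salt = os.urandom(16)  # per-user salt: equal passwords store differently
        self._users[user] = (salt, _derive(password, salt))

    def authenticate(self, user: str, password: str) -> bool:
        known = user in self._users
        salt, key = self._users.get(user, (self._dummy_salt, self._dummy_key))
        candidate = _derive(password, salt)
        # Constant-time comparison; a match only counts for a registered name.
        matches = hmac.compare_digest(candidate, key)
        return known and matches
```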
Among the components of a distributed application, one or both of two communicating components (the client and the server) can authenticate the other in order to verify the validity of the connection between them. They can also authenticate the data exchanged between them and thereby provide nonrepudiation of that data.
In data communications, nonrepudiation for a sender ensures that the entity that sends a message cannot later deny having sent it, and for a receiver, ensures that the entity that has received a message cannot later deny having received it. Nonrepudiation for message senders is often supported by digital signatures, and for receivers by an audit of the message receipt. (See the "Auditing" section.)
In OpenEdge, the authentication of user names is supported through various user identity management features. These features include a user authentication mechanism for use with the OpenEdge RDBMS, which can maintain its own list of valid users. They also include a mechanism to assert a previously authenticated user ID as the current application/database connection user. For more information on OpenEdge support for authentication, see Chapter 2, "Security in OpenEdge."
OpenEdge also supports the authentication of server component identities to corresponding client components in distributed network applications using the Secure Sockets Layer (SSL), which is an implementation of a Public-Key Infrastructure (PKI). For more information on:
- Support for SSL in OpenEdge — See Chapter 7, "SSL in OpenEdge."
Copyright © 2005 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095