In the previous post, we’ve talked about the different ways that websites can use to identify the visiting user.
But identification itself represents just a claim. When you identify yourself, you are claiming that you are someone. But there is no proof of that.
Authentication, on the other hand, is showing a proof that you are what you claim to be, like showing your personal id or typing in your password.
More often than not, websites need some sort of proof to serve you sensitive resources.
HTTP has its own authentication mechanisms that allow the servers to issue challenges and get the proof they need. You will learn about what they are and how they work. We’ll also cover the pros and cons of each one and find out if they are really good enough to be used on their own (spoiler: they are not).
This is what we have learned so far:
- The HTTP series (Part 1): Overview of the basic concepts
- The HTTP series (Part 2): Architectural aspects
- The HTTP series (Part 3): Client identification
Read more at DZone