6

I'm currently writing my dissertation about web security. I am focussing on the use of authentication libraries in web applications. As part of this I am writing a library for CodeIgniter with the aim of providing a single-sign-on type of authentication by implementing support for a number of OAuth providers.

My questions to you, the community are as follows:

  • What makes a good authentication library?
  • How should it be structured and to what extent should it abstract the auth process?
  • What factors would influence your decission to choose one library over another?

So far, my considerations to this have been about speed, simplicity of the code, simplicity of implementation for the app developer and most importantly the actual security of the product.

Any feedback would be highly valued. Many Thanks.

Jack Hayter
  • 113
  • 1
  • 5
  • 1
    http://meta.stackexchange.com/a/128562/164367 – vascowhite Apr 15 '12 at 13:34
  • You may try to dig into answers for [What CodeIgniter authentication library is best?](http://stackoverflow.com/questions/346980/what-codeigniter-authentication-library-is-best) to get some points... – Juicy Scripter Apr 15 '12 at 13:35
  • @vascowhite - I disagree. OP isn't asking for recommendations FOR an auth library - he's asking for discussion about the construction of auth libraries, in general. Maybe good fodder for a community wiki, but I don't see how your link is germane. This isn't gorilla vs. shark, this is a decent question. – Chris Tonkinson Apr 15 '12 at 13:37
  • 2
    I'm not sure how this is "not constructive". All 3 points in the question can be answered objectively. As usual, people just go clicky clickety click as a swarm and don't bother thinking for themselves. HINT: if someone else voted for close, it doesn't mean you have to automatically do that too. – Jani Hartikainen Apr 15 '12 at 13:38
  • @JaniHartikainen clicking as a swarm isn't possible. Everybody who flags/down votes does it individually and are quite within their rights to do so. – vascowhite Apr 15 '12 at 13:40
  • @JaniHartikainen Maybe is better suited for other SE sites rather than this (security?programmers?) – Damien Pirsy Apr 15 '12 at 13:41
  • @vascowhite Sure you can. When someone else has already voted to close, it's much easier for you to just vote for close too. – Jani Hartikainen Apr 15 '12 at 13:44
  • 2
    I'm quite surprised that you closed this question down actually. This was designed to promote thought, and all the points in my question were designed to be answered in specific and targeted ways. The audience is relevant too. I value the opinions of other developers and this site has always proven of high value in situations like this. – Jack Hayter Apr 15 '12 at 13:58

0 Answers0