Chapter 7. Access Control

Access control is an important part of security and is its most visible aspect, leading people to assume it is security. You may need to introduce access control to your system for a few reasons. The first and or most obvious reason is to allow some people to see (or do) what you want them to see/do while keeping the others out. However, you must also know who did what and when, so that they can be held accountable for their actions.

This chapter covers the following:

• Access control concepts

• HTTP authentication protocols

• Form-based authentication as an alternative to HTTP-based authentication

• Access control mechanisms built into Apache

• Single sign-on