Name and password credentials

Typically, users enter a user name and password when they log in to the e-business system. The login process looks up the user ID (UID) in the Access Control Database (ACDB) and verifies the supplied password. If the authentication is successful, a session object is created that maintains the user credentials and presents them, as necessary, to other secured assets in the environment. See “Single sign-on support”.

However, a user name and password combination does not guarantee that the individual is really the person he or she claims to be. The password may have been stolen or given to someone else.

User name and password pairs, also known as credentials, are considered a weaker form of authentication, while digital certificates are considered to be stronger.
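The login flow described above (UID lookup in the ACDB, password verification, session creation on success), as an added example that is not Enterprise Security code. The `ACDB` dictionary layout, the `Session` fields, the PBKDF2 work factor and the sample user are assumptions made for illustration; the product's real schema and API are not shown on this page.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ITERATIONS = 600_000  # example work factor, not a product setting


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a salted, slow hash so stored values are not reusable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, _hash(password, salt)


# Constructed stand-in for the ACDB: UID -> (salt, password hash).
ACDB = {"jsmith": make_record("correct horse battery staple")}

# Hashed when the UID is unknown, so a missing user costs the same time as a
# wrong password and the two cases are harder to tell apart.
_DUMMY = make_record(secrets.token_hex(16))


@dataclass
class Session:
    """Holds the authenticated UID and an opaque token, never the password."""
    uid: str
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def login(uid: str, password: str) -> Session | None:
    """Look up the UID, verify the supplied password, create a session."""
    record = ACDB.get(uid)
    salt, stored = record if record is not None else _DUMMY
    candidate = _hash(password, salt)
    # Constant-time comparison; unknown UIDs always fail after the same work.
    ok = hmac.compare_digest(candidate, stored) and record is not None
    return Session(uid) if ok else None
```

Both failure cases return `None` with no distinction between an unknown UID and a wrong password, which keeps the login response from revealing which UIDs exist.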

Enterprise Security also supports biometrics (the biological identification of a person) and smart cards (credit cards with a built-in microprocessor and memory that are used for identification). Typically, your biometrics or smart card vendor provides Web server plug-ins that allow you to use your biometrics device from your browser to unlock a keystore and present a certificate to the Web server for authentication. This must be configured by the customer; see your biometrics or smart card vendor documentation for more information. Once configured, all that remains is to register the user’s certificate in the ACDB, and use the secure Web plug-in to complete the authentication into Enterprise Security.