Secure Web Access Login
Web access login security: secure website access
What is web access login?
Web access login, as its name implies, is a method for enabling access to web based information. Web access login is provided so that a user can gain access to specific web pages, rather than providing control over the information that they can access once they have satisfactorily logged in.
The ‘traditional’ method of web access login has been to use a combination of identity and password as a means of verifying the authority to access specific information.
This technique has been widely used by a number of industries in order to restrict access to particular information they wish to protect in some way. Interestingly, it is quite popular as a technique with some digital rights management (DRM) providers who allow access to information hosted on their web site based upon the ability of the user to provide the correct user name and password.
The problems and potential weaknesses of web access login have also been considered in articles on web login and web page login, so it is not necessary to go through them again here. Suffice it to say that the actual control that can be achieved using an identity/password based service is a great deal less than the users of those services imagine.
Web access login has another dimension that is not often considered. People gaining access through web access login tend to be granted powers solely related to access rights, and so all the materials or information on a site are essentially at the same level. The granularity of control between one user and another can only be obtained by having different sites that possess different information, because web access login presupposes that all those given access to the web site have equal authority.
Of course this may prove operationally inconvenient – how many people want to provide four web sites in order to support four different ‘levels’ of user. It would be more convenient to have one web site and specify for individual information elements which users are duly authorized, and which are not. But that level of sophistication is beyond the capabilities of web access login, which is simply concerned with the ability of the user to get there at all, and certainly is not concerned with what the user can do with the information once they have access to it.