Authentication Resources

We list and maybe even review authentication systems and interfaces that will show the range of what might be expected of wiki in diverse circumstances.

Scott Motte's Email only authentication as an open-source authentication alternative to traditional username/password authentication. osb video

Jesse Hallett says, Almost every web application relies on cookies to authenticate each request after the user logs in. Cookies are vulnerable to cross-site request forgery and session hijacking. It is time to explore better, more secure alternatives that are now possible thanks to practical in-browser cryptography. osb talk

JSON Web Token (JWT) is a JSON-based open standard for passing claims between parties in web application environment. The tokens are designed to be compact, URL-safe and usable especially in web browser single sign-on context. JWT claims can be typically used to pass identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes. wikipedia

Frankie Sardo writes about using JSON tokens to authenticate a single page application. blog

Tim McLean writes about critical vulnerabilities in JSON Web Token libraries. blog

Paul Kinlan on Credential Management API including demo and code. blog


Authentication schemes are only safe when credentials are passed securely, for example using SSL. Having a free Certificate Authority, like Let's Encrypt, will act as an enabler both to the adoption of SSL and authentication schemes like WebID, and IndieCert, which rely on SSL.