To simplify the re-engineering of existing applications, the Context Management Architecture defines an Authentication Repository. The Authentication Repository is a context management component that enables applications to securely store and retrieve user authentication data. This allows applications to authenticate users without exposing user logon actions and passwords to security risks.
The repository does not actually authenticate users. Rather, it gives existing applications that need a user's authentication data a way of obtaining this data while participating in a secure link common context system. The application uses a user's logon name to retrieve that user's authentication data from the repository securely. The application can then use the authentication data to verify the user in its own system. Applications should encrypt user authentication data before storing it in the repository. The technique used is application specific.
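One way an application might encrypt authentication data before storing it, shown as an added example that is not LEADTOOLS or CCOW SDK code. It assumes .NET 8 or later, uses AES-GCM as the application-specific technique, and uses a hypothetical `AuthDataProtector` helper with a dictionary standing in for the repository; the logon name is bound in as associated data so a blob moved to another user's entry fails to decrypt.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values. The dictionary is a hypothetical stand-in for the
// repository; a real application would call the SDK's repository interfaces.
byte[] key = RandomNumberGenerator.GetBytes(32); // load from a key store in practice
var repository = new Dictionary<string, byte[]>();
repository["jsmith"] = AuthDataProtector.Protect(key, "jsmith", "constructed-sample-password");
Console.WriteLine(AuthDataProtector.Unprotect(key, "jsmith", repository["jsmith"]));
try { AuthDataProtector.Unprotect(key, "other", repository["jsmith"]); }
catch (CryptographicException) { Console.WriteLine("rejected: blob is bound to a different logon name"); }

static class AuthDataProtector
{
    const int NonceSize = 12, TagSize = 16;

    // Returns nonce || tag || ciphertext. A fresh random nonce is generated
    // for every call, so re-storing the same data yields a different blob.
    public static byte[] Protect(byte[] key, string logonName, string authData)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] plain = Encoding.UTF8.GetBytes(authData);
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(logonName));
        byte[] blob = new byte[NonceSize + TagSize + cipher.Length];
        nonce.CopyTo(blob, 0);
        tag.CopyTo(blob, NonceSize);
        cipher.CopyTo(blob, NonceSize + TagSize);
        return blob;
    }

    // Throws CryptographicException if the blob was altered or was stored under another logon name.
    public static string Unprotect(byte[] key, string logonName, byte[] blob)
    {
        var nonce = blob.AsSpan(0, NonceSize);
        var tag = blob.AsSpan(NonceSize, TagSize);
        var cipher = blob.AsSpan(NonceSize + TagSize);
        byte[] plain = new byte[cipher.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(nonce, cipher, tag, plain, Encoding.UTF8.GetBytes(logonName));
        return Encoding.UTF8.GetString(plain);
    }
}
```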
Applications use the following LEADTOOLS CCOW SDK interfaces to interact with the Authentication Repository:
These interfaces enable an application to retrieve a user's authentication data securely and to update the data when necessary (for example, if the application periodically requires that users change their passwords or the repository does not have a reference to the user).
An Authentication Repository can be implemented as a central service or a distributed service that services multiple applications. However, it must always appear as a private service to each application.