[英]What's the difference between one way authentication and mutual authentication. And give some examples
I'm studying for this exam identity & access management. 我正在攻读这个考试身份和访问管理。 The question is what is the difference between one way authentication and mutual authentication? 问题是单向认证和相互认证之间有什么区别? Our prof says mutual is TLS but if I search on the internet TLS is also one way authentication... So I'm a bit confused 我们的教授说互助是TLS,但如果我在互联网上搜索TLS也是单向认证......所以我有点困惑
TLS is a protocol for guaranteeing security in the exchange of information. TLS是一种用于保证信息交换安全性的协议。 It is used in particular on the HTTP protocol. 它特别用于HTTP协议。 The TLS protocol allows both unilateral authentication and bilateral authentication (or mutual authentication). TLS协议允许单方认证和双边认证(或相互认证)。 Recently I published on GitHub a project that implements a system of Mutual Authentication based on Apache 2.4 and the TLS 1.2 protocol. 最近我在GitHub上发布了一个项目,该项目实现了基于Apache 2.4和TLS 1.2协议的相互认证系统。 https://github.com/amusarra/docker-apache-ssl-tls-mutual-authentication/ https://github.com/amusarra/docker-apache-ssl-tls-mutual-authentication/
The attached image shows the call to a REST service in mutual authentication 附加的图像显示了在相互身份验证中对REST服务的调用
I have implemented both one-way and mutual SSL in Applications hosted on Java and Webmethods technology. 我已经在Java和Webmethods技术托管的应用程序中实现了单向和双向SSL。 In One-way authentication, there is a server certificate that the client receives, trusts it (registers it) and sends back a secret along with the server certificate. 在单向身份验证中,有一个服务器证书,客户端接收,信任它(注册它)并发回一个秘密以及服务器证书。 Hence, a successful SSL Handshake occurs. 因此,发生了成功的SSL握手。 In mutual SSL, in addition to trusting the Server Certificate, the Client also provides it's own certificate to the Server. 在相互SSL中,除了信任服务器证书之外,客户端还向服务器提供自己的证书。 Hence, a mutual trust is maintained between the Server and the Client after which the secrets are transferred. 因此,在服务器和客户端之间保持相互信任,之后传输秘密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.