Alternative methods of authentication

The default method of authentication for BSCW servers is the standard ‘basic authentication’ scheme of most Web browsers using user name and password. This method of authentication is comparatively insecure: when BSCW server traffic is intercepted, user name and password may be revealed to third parties.

The situation can be improved by encrypting the BSCW server traffic. Indeed, your BSCW server may be operated using HTTPS (a combination of HTTP and a cryptographic transport protocol) for communication between your browser and the BSCW server. Ask your adminis­trator about this possibility if not already in operation (in this case your BSCW server address starts with https:// instead of with http://).

Your BSCW server may also be configured to allow for other methods of authentication, most notably methods that can be used across a variety of Web services without the necessity to memorize different user names and passwords for each service or even to authenticate again and again when switching services (so-called). Alternative methods of authen­tication available for your BSCW server are offered to you on the same page that is shown when logging into BSCW.

An example of a single sign-on process is OpenID where authentication is done via specific identification services (known as OpenID providers) where you maintain an OpenID identity. When­ever you see the OpenID icon OpenID on the login page, you may log into your BSCW server entering the URL of your OpenID provider.

      Enter the URL of your OpenID provider into the respective field of the BSCW login page. You may obtain an OpenID identity from one of the many OpenID providers. E.g., users with a Google account may log into BSCW using the follow­ing URL https://www.google.com/accounts/o8/id.

      You will then be prompted by your OpenID provider to authenticate yourself. After­wards you are logged into BSCW.

The main advantage of this method is that you now do not have to authenticate again with other OpenID-enabled websites. More details are to be found at http://openid.net/.