Create 11-authentication.livemd

hvalkerie19 · web-flow · commit fa99105f72a5 · 2023-02-06T13:41:48.000-07:00
draft/template
diff --git a/modules/11-authentication.livemd b/modules/11-authentication.livemd
@@ -0,0 +1,119 @@
+# ESCT: Part 11 - Authentication (Draft)
+
+## Introduction
+
+> ### 🛠 <span style="color:goldenrod;">MODULE UNDER CONSTRUCTION - Please move to next module</span>
+
+Authentication is the concept and refers to mechanisms for establishing an entity (person or machine) is who they say they are. 
+
+## Table of Contents
+
+* [Confusion with Authorization and Access](#confusion-with-authorization-and-access)
+* [Multi-factor Authentication](#multi-factor-authentication)
+* [Token-Based Implementations](#token-based-implementations)
+* [Authentication Channels](#authentication-channels)
+
+## Confusion with Authorization and Access
+
+### Description
+
+Multiple concepts that are very closely related.  One of the concepts we'll discuss later, OAuth, originally designed for authorization, has evolved into providing 
+authentication as well (not intended).  Authorization and Access are very similar concepts and are implemented together, sometimes within the Authorization mechanism.
+Confusing, right?
+
+### Security Concerns
+
+*TODO: Write Prevention*
+
+### <span style="color:blue;">Example</span> / <span style="color:red;">Quiz</span>
+
+*TODO: Make Example or Quiz Question*
+
+```elixir
+
+```
+
+## Multi-factor Authentication
+
+### Description
+
+Factors refer to 3 checks that work together to establish identity. 
+Something you know/that is in your brain - Password
+Something you have/possess/have physical or digital access to - Code generated by outside party; key
+Something you are/something unique to you as a person - fingerprint, facial recognition, other biometrics, palm scan, retinal scan
+
+Authentication can be implemented using one of these factors (single-factor) or 2 or more (multi-factor)
+
+Authentication mechanism can be complex...
+Security concerns/examples of multi-factor authentication getting hacked
+
+### Security Concerns
+
+*TODO: Write Prevention*
+
+### <span style="color:blue;">Example</span> / <span style="color:red;">Quiz</span>
+
+*TODO: Make Example or Quiz Question*
+
+```elixir
+
+```
+
+## Token-based Implementation
+
+### Description
+
+Tokens are ... long strings of random characters used to identify an entity, session, as a badge for access.
+
+Common implementations include OAuth:  [
+](https://www.youtube.com/watch?v=996OiexHze0)
+
+JSON Web Tokens (abbreviated JWT, pronounced "jot")
+
+### Security Concerns
+
+*TODO: Write Prevention*
+
+### <span style="color:blue;">Example</span> / <span style="color:red;">Quiz</span>
+
+*TODO: Make Example or Quiz Question*
+
+```elixir
+
+```
+
+<!-- livebook:{"branch_parent_index":4} -->
+
+## Authentication Channels
+
+### Description
+
+Authentication is the first step a user must complete to access a secure application/data.  For an application, that means something must be sent from 
+
+user->application authentication mechanism
+and from
+application authentication mechanism-> user
+
+user presents themselves in-person, or over a channel via electical signals
+application responds over that same channel
+
+WebSocket Connections ...
+
+Establish/Manage a Session
+
+Session-less ... fire and forget
+
+
+### Security Concerns
+
+*TODO: Write Prevention*
+
+### <span style="color:blue;">Example</span> / <span style="color:red;">Quiz</span>
+
+*TODO: Make Example or Quiz Question*
+
+```elixir
+
+```
+
+[**<- Previous Module: Secure SDLC Concepts**](./3-ssdlc.livemd) || [**Next Module: Elixir Security ->**](./5-elixir.livemd)
