# Authentication

Authentication aims to determine the identity of an entity.

* Entity may be user, system, or software.

The basic process relies on the verification of some property of the authenticated entity by the authenticator.

* Something that he has.
* Something that he knows.
* Something that he is.

## Base HTTP methods

Makes use of the Authorization header.

* The header is passed to applications as well as users.
* May require a password to be in clear text.
* Presents no configurable user interface.

Basic authentication through direct presentation of credentials.

* `Authorization: Basic base64(login:password)`

Digest authentication.

* The server replies with the authentication arguments in the WWW-Authenticate.

```
Authorization: Digest username="Mufasa",
                realm="testrealm@host.com",
                nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                uri="/dir/index.html",
                qop=auth,
                nc=00000001,
                cnonce="0a4f113b",
                response="6629fae49393a05397450978507c4ef1",
                opaque="5ccc069c403ebaf9f0171e9517f40e41"
```