Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

There are two ways that you can use the SP to protect content:

  • Actively, by intercepting requests for particular resources and ensuring that a valid, authenticated session exists between the user agent and the SP software before passing along the request

  • Passively, by publishing information about valid, authenticated sessions through CGI variables, but passing unauthenticated requests through unmolested

In both cases, the information about the session supplied by the SP is provided uniformly so that applications can be programmed to respond dynamically based on the information. The AttributeAccess topic describes this mechanism in detail.