Date: Wed, 20 May 2015 17:13:38 +0200
p.s.
I just noticed that the Servlet spec is in fact using both terms as well.
This is most evident in (emphasis mine)
13.6:
Authentication
A web client can authenticate a user to a web server using one of the
following
*mechanisms*:
* HTTP Basic Authentication
* HTTP Digest Authentication
* HTTPS Client Authentication
* Form Based Authentication
13.6.5:
Additional Container Authentication *Mechanisms*
Servlet containers should provide public interfaces that may be used to
integrate and
configure additional HTTP message layer *authentication mechanisms* for use
by the
container on behalf of deployed applications.
And in 14.4:
The login-config is used to configure the *authentication method* that
should
be used, the realm name that should be used for this application, and the
attributes that are needed by the form login *mechanism*. The sub-element
auth-
method configures the *authentication mechanism* for the Web application.
In fact, despite the web.xml element being called "auth-method", the spec
actually seems to have more references to "authentication mechanism" than
it has to "authentication method" or "auth-method" (although search in PDF
is not 100% accurate).
Maybe it's an issue that should be raised with the Servlet spec as well.
Kind regards,
Arjan Tijms
On Wed, May 20, 2015 at 3:09 PM, Ajay Reddy <areddy_at_us.ibm.com> wrote:
> I use both these terms when discussing authentication, but I think I use
> Method more than Mechanism :-) - so my vote is for Authentication Method.
>
>
> Regards,
> Ajay Reddy
>
>
>
>
> [image: Inactive hide details for Werner Keil ---05/20/2015 07:24:01
> AM---Actually if there are more out of the 14 eligable who might s]Werner
> Keil ---05/20/2015 07:24:01 AM---Actually if there are more out of the 14
> eligable who might still cast their vote now, could I pleas
>
> From: Werner Keil <werner.keil_at_gmail.com>
> To: "jsr375-experts_at_javaee-security-spec.java.net" <
> jsr375-experts_at_javaee-security-spec.java.net>
> Date: 05/20/2015 07:24 AM
> Subject: [javaee-security-spec users] [jsr375-experts] Re:
> 1-TerminologyAuthInteractionVsStore ACTION: cast vote
> ------------------------------
>
>
>
> Actually if there are more out of the 14 eligable who might still cast
> their vote now, could I please
> -1 "authentication mechanism"? to give "authentication method" a fair
> chance?;-)
> It was my 2nd choice anyway.
>
> Thanks,
> Werner
>
> On Wed, May 20, 2015 at 2:19 PM, arjan tijms <*arjan.tijms_at_gmail.com*
> <arjan.tijms_at_gmail.com>> wrote:
>
> Hi,
>
> On Wed, May 20, 2015 at 2:04 PM, Ivar Grimstad wrote:
> I think I will go for auth-method for the same reasons as Adam
> mentioned, but authentication method sounds just as fine.
>
> Great, that now gives us:
>
> Terms so far:
>
> * auth-method
> * authentication method (Resin term 1)
> * authentication mechanism (Undertow)
> * authenticator (Tomcat)
> * login manager (Resin term 2)
> * login (Resin term 3)
>
> 7 out of 14 voted:
>
> Arjan Tijms - authentication mechanism
> Adam: auth-method (because in web.xml + servlet)
> Darran Lofthouse - authentication mechanism
> Pedro Igor - authentication mechanism
> Rudy De Busscher - authentication mechanism (slightly favored) /
> authentication method
> Werner Keil - authentication mechanism /
> authentication method (slightly favored)
> Ivar Grimstad - auth-method / authentication method
>
>
> Organized per term:
>
> authentication mechanism - 5
> authentication method - 3
> auth-method - 2
>
> Kind regards,
> Arjan Tijms
>
>
>
(image/gif attachment: graycol.gif)