The SSL and TLS protocols are the security technology of choice for the WWW and, indeed, for most Web applications. As further addressed in Chapter 6, these protocols can be used to have a Web browser and a server authenticate each other, [14] establish a session key, and use this key to transparently encrypt, decrypt, and authenticate the data segments exchanged between them. Consequently, these protocols can also be used to have a Web server (or HTTP proxy server) properly authenticate its users, which makes user authentication and authorization simple and straightforward. On the other hand, however, this requires that servers and browsers be equipped with public key certificates. Public key certificates and the establishment and use of the corresponding infrastructures are further addressed in Chapters 7 and 8.
[14] Server-side authentication is mandatory in SSL and TLS, whereas client-side authentication is optional.
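The following Go program is an added example, not part of the book, illustrating the point made above and in footnote [14]: a TLS client always verifies the server's certificate (mandatory server-side authentication), while the server decides whether a client certificate is not requested, requested, or required (optional client-side authentication), and application data then flows under the negotiated session key. It uses only the Go standard library, runs entirely over loopback, and builds throw-away self-signed certificates in memory in place of the CA-issued certificates a deployment would use; the names "localhost" and "alice" and the function names `selfSignedCert` and `runHandshake` are the example's own choices.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// must panics on error; it is used only while building the constructed test certificates.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSignedCert builds a throw-away self-signed certificate in memory so the example runs
// offline. A real deployment uses CA-issued certificates (the topic of Chapters 7 and 8).
func selfSignedCert(cn string, eku x509.ExtKeyUsage) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn}, // the name a client matches against a server certificate
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// runHandshake performs one TLS handshake over loopback. The client always verifies the server
// (server-side authentication is mandatory); clientAuth decides whether the server requests or
// requires a client certificate (client-side authentication is optional). It returns the user name
// the server read from the client certificate ("" if none was presented) or the connection error.
func runHandshake(clientAuth tls.ClientAuthType, sendClientCert bool) (string, error) {
	serverCert := selfSignedCert("localhost", x509.ExtKeyUsageServerAuth)
	clientCert := selfSignedCert("alice", x509.ExtKeyUsageClientAuth) // "alice" is a placeholder user
	serverRoots, clientRoots := x509.NewCertPool(), x509.NewCertPool()
	serverRoots.AddCert(serverCert.Leaf) // trust anchor the browser uses for the server
	clientRoots.AddCert(clientCert.Leaf) // trust anchor the server uses for user certificates
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, ClientAuth: clientAuth, ClientCAs: clientRoots}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return "", err
	}
	defer ln.Close()

	// Server side: complete the handshake, then send the authenticated user name (if any) back
	// over the encrypted channel. A failed handshake aborts the connection with a TLS alert.
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		tc := conn.(*tls.Conn)
		if tc.Handshake() != nil {
			return
		}
		user := ""
		if peers := tc.ConnectionState().PeerCertificates; len(peers) > 0 {
			user = peers[0].Subject.CommonName
		}
		tc.Write([]byte("user:" + user))
	}()

	// Client side: RootCAs and ServerName make server authentication mandatory; presenting a
	// certificate of its own only matters if the server asks for one.
	cfg := &tls.Config{RootCAs: serverRoots, ServerName: "localhost"}
	if sendClientCert {
		cfg.Certificates = []tls.Certificate{clientCert}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	buf := make([]byte, 64)
	n, err := conn.Read(buf)
	if err != nil {
		return "", err // e.g. the server required a certificate and the client presented none
	}
	return strings.TrimPrefix(string(buf[:n]), "user:"), nil
}

func main() {
	for _, mode := range []tls.ClientAuthType{tls.NoClientCert, tls.RequestClientCert, tls.RequireAndVerifyClientCert} {
		for _, send := range []bool{false, true} {
			user, err := runHandshake(mode, send)
			fmt.Printf("clientAuth=%v sendClientCert=%v -> user=%q err=%v\n", mode, send, user, err)
		}
	}
}
```

Running `main` exercises all six combinations: with `tls.NoClientCert` the server never learns who the user is even if the browser holds a certificate; with `tls.RequestClientCert` a user name appears only when the client chooses to present one; with `tls.RequireAndVerifyClientCert` a client without a certificate is rejected during the handshake, which is the configuration a server relies on when it uses TLS itself to authenticate and authorize its users.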