Our new Authentication service makes several important improvements to the VISION System. Passwords are no longer stored directly in the VISION database, but are instead managed by a "trusted provider" service. This change makes VISION's security much more robust, as well as making management of user accounts that have access to both the Developer and Learning Station modules all the easier.
Benefits
Strong Security
Authentication eliminates the use of reversible encryption for password storage and uses state-of-the-art password hashing algorithms (PBKDF2). In fact, VISION applications will no longer have access to user passwords and now provides secure password reset workflows, and requires SSL/HTTPS for all communication between authentication server and clients.
The Authentication service also implements OAuth 2.0, prevents cross-site request forgery (CSRF) attacks, provides protection against clickjacking attacks and supports detection and suppression of brute force password guessing attacks.
Authentication Standards
The new authentication module supports the following standards:
•OAuth 2.0
•OpenID Connect 1.0
•SAML 2.0
Identity Management
•Single Sign On (SSO): This provides one login for multiple applications and unifies user accounts between VISION Learning Station and VISION Developer Module.
•Identity Brokering: This feature delegate authentication to trusted identity providers and use LDAP and Active Directory to authenticate corporate users. You can use cloud-first authentication providers like Office 365 or even allow social network logins, to increase accessibility.
•Identity Federation: Authentication retrieves user metadata from existing user directories and simplifies user management, keeping user information automatically updated.
•Seamless Integration: This feature continues to use existing methods for managing users in VISION applications, and adds new login screens themed to match VISION Learning Station.
Hosted Environment
In our hosted environment, Authentication enables you to use your corporate account for sign-in, eliminating extra accounts to remember. On premise installations also have the option to use a hosted authentication server, which will simplify deployment and updates.
Foundation for the Future
Finally, Authentication is the foundation of VISION's future. As a key step in our modernization initiative, it supports our shift to a fully web-based platform. It enables our development of secure public APIs and is well suited for integrating new web and mobile applications into the VISION System.
What has Changed?
Most users will not notice any significant change to the software. The underlying technology change is significant, but we've done everything we can to make sure the impact to users is minimal. There are some interface changes, however, which are covered below.
•Adding an exam proctoring session
