To begin with, remember that JCAPTCHA deals with humanity, not identity. Humanity is a brand new notion, since only identity assertion is taken into account by common security systems.
Identity of an actor is specified by a persistent identifier, known by both the target system and the actor.
Saying that an actor is identified means that:
Example of identifiers and associated identity assertion providers:
Most current online systems already deal with identity.
Humanity of an actor is not currently technologically specified, and there is no common way to handle it.
Saying that an actor is human means that
Those capabilities could be classified into two main categories
Most automated humanity assertion systems check both capabilities.
Example of human capabilities and associated humanity assertion providers:
Once you have a humanity assertion mechanism, also known as a weak authentication mechanism, you may use it to restrict access to services; this is authorization.
This is a standard way to protect online services that shall not be read by machines, for commercial or legal reasons.
This is a weaker protection than the one mentioned above: the system checks that an actor is human only after it has done specific actions.
Example: the system checks the humanity of a user only if it requests the same page more than 2 times.
This kind of use of JCAPTCHA is done to protect systems against proxy machines (that resell a service).
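The conditional check described above, as an added example (not JCAPTCHA code and not part of the original page): a per-session, per-page counter that demands a humanity check once the same page has been requested more than 2 times. The class name `ConditionalHumanityGate`, the `HumanityCheck` hook and the sample session, page and answer values are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

/** Decides when a client must pass a humanity check before a page is served again. */
public class ConditionalHumanityGate {
    private static final int FREE_REQUESTS = 2;   // from the text: challenge on "more than 2 times"
    private final Map<String, AtomicInteger> hits = new ConcurrentHashMap<>();

    /** Hypothetical hook: returns true when the actor's captcha response is correct. */
    public interface HumanityCheck { boolean verify(String sessionId, String response); }

    private static String prefix(String sessionId) {
        return sessionId.length() + ":" + sessionId + "|";   // length prefix keeps sessions from colliding
    }

    /** Counts the request; true means the page may be served without a challenge. */
    public boolean allow(String sessionId, String page) {
        AtomicInteger c = hits.computeIfAbsent(prefix(sessionId) + page, k -> new AtomicInteger());
        // Saturate just above the limit so the counter can never wrap back to "allowed".
        return c.updateAndGet(v -> Math.min(v + 1, FREE_REQUESTS + 1)) <= FREE_REQUESTS;
    }

    /** Call when a challenged client answers; only a correct answer resets the counter. */
    public boolean answer(String sessionId, String page, String response, HumanityCheck check) {
        if (!check.verify(sessionId, response)) {
            return false;              // counter stays above the limit: the next request is challenged again
        }
        hits.remove(prefix(sessionId) + page);
        return true;
    }

    /** Call on session expiry so the map does not grow without bound. */
    public void forget(String sessionId) {
        String p = prefix(sessionId);
        hits.keySet().removeIf(k -> k.startsWith(p));
    }

    public static void main(String[] args) {
        ConditionalHumanityGate gate = new ConditionalHumanityGate();
        HumanityCheck stub = (sid, resp) -> "expected".equals(resp);   // constructed stand-in for a captcha service
        for (int i = 1; i <= 4; i++) {
            System.out.println("request " + i + " allowed=" + gate.allow("s1", "/quote"));
        }
        System.out.println("wrong answer accepted=" + gate.answer("s1", "/quote", "guess", stub));
        System.out.println("right answer accepted=" + gate.answer("s1", "/quote", "expected", stub));
        System.out.println("after reset allowed=" + gate.allow("s1", "/quote"));
    }
}
```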
This is the most common use case, implemented for example by all major free mail providers.
They use a captcha (type gimpy) to prevent massive machine registration.
Protecting user/password is also a common use case: protecting a login form with a captcha limits the risk of a dictionary attack.