Cisco Web Security Appliance S390 User Guide

AsyncOS 9.0 for Cisco Web Security Appliances User Guide
 
Chapter 5: Acquire End-User Credentials
Authentication Planning
Active Directory/Basic

Explicit Forward

Advantages:
- Supported by all browsers and most other applications
- RFC-based
- Minimal overhead
- Works for HTTPS (CONNECT) requests
- Because the passphrase is not transmitted to the authentication server, it is more secure
- Connection is authenticated, not the host or IP address
- Achieves true single sign-on in an Active Directory environment when the client applications are configured to trust the

Disadvantages:
- Passphrase sent as clear text (Base64) for every request
- No single sign-on
- Moderate overhead: each new connection needs to be re-authenticated
- Primarily supported on Windows only and with major browsers only

Transparent, IP-Based Caching

Advantages:
- Works with all major browsers
- With user agents that do not support authentication, users only need to authenticate first in a supported browser
- Relatively low overhead
- Works for HTTPS requests if the user has previously authenticated with an HTTP request

Disadvantages:
- Authentication credentials are associated with the IP address, not the user (does not work in Citrix and RDP environments, or if the user changes IP address)
- No single sign-on
- Passphrase is sent as clear text (Base64)

Transparent, Cookie-Based Caching

Advantages:
- Works with all major browsers
- Authentication is associated with the user rather than the host or IP address

Disadvantages:
- Each new web domain requires the entire authentication process because cookies are domain specific
- Requires cookies to be enabled
- Does not work for HTTPS requests
- No single sign-on
- Passphrase is sent as clear text (Base64)
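
The "Passphrase is sent as clear text (Base64)" disadvantage listed for Basic authentication can be checked on captured request headers. The following audit sketch is an added example, not part of the Cisco guide; the sample requests and credentials are constructed, and the mapping of Proxy-Authorization to explicit forward and Authorization to transparent deployments is standard HTTP behaviour assumed here, not stated on this page.

```python
import base64
import binascii

# Constructed sample requests (not from the guide): header blocks as an on-path
# observer would see them over plain HTTP. All credentials are made up.
SAMPLE_REQUESTS = [
    "GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n"
    "Proxy-Authorization: Basic " + base64.b64encode(b"jdoe:Winter2015!").decode() + "\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: example.com\r\n"
    "Authorization: Basic " + base64.b64encode(b"CORP\\asmith:p:ss").decode() + "\r\n\r\n",
    "GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n"
    "Proxy-Authorization: NTLM TlRMTVNTUAABAAAA\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic !!notb64\r\n\r\n",
]

# Assumption: which header carries credentials in which deployment mode.
AUTH_HEADERS = {"proxy-authorization": "explicit forward", "authorization": "transparent"}

def audit_request(raw):
    """Return one finding per Basic credential header found in a raw request."""
    findings = []
    for line in raw.split("\r\n")[1:]:          # skip the request line
        if not line:
            break                               # blank line ends the header block
        name, _, value = line.partition(":")
        mode = AUTH_HEADERS.get(name.strip().lower())
        scheme, _, token = value.strip().partition(" ")
        if mode is None or scheme.lower() != "basic":
            continue                            # other schemes are out of scope here
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append({"mode": mode, "user": None, "recoverable": False})
            continue
        # RFC 7617: the user-id cannot contain ':', so split on the first colon only.
        user, sep, passphrase = decoded.partition(":")
        # Report only the length, so the audit output does not leak the passphrase.
        findings.append({"mode": mode, "user": user,
                         "recoverable": bool(sep), "passphrase_len": len(passphrase)})
    return findings

def audit_all(requests=SAMPLE_REQUESTS):
    """Flatten the findings for a list of raw requests."""
    return [finding for raw in requests for finding in audit_request(raw)]
```

Every finding with `recoverable` set to true is a request whose passphrase can be read by anything that sees the headers, which is the reason to carry Basic authentication only over an encrypted channel.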