Authentication in a printing environment is the act of confirming the digital identity of the person who issued a print job. Knowledge of this identity is crucial for SavaPage to securely offer its services to the right user. The next sections discuss authenticated printing in:
But first, let us introduce the key authentication concepts on which our discussion is based.
This section lists the main authentication concepts headed with a short term. Each term is defined with a concise description, optionally followed with more details and a list of invariants.
A User who represents a real human being, as opposed to an abstract human role, software service or hardware device.
Only Persons can log in to SavaPage.
Any User can print to a SavaPage Printer. However, SavaPage assigns a print job to a Person.
A Synchronized User that is a Person.
Before Authenticated Abstract Users can print to a SavaPage Printer, they need to log in to the SavaPage Web App on the same device from which they use the printer.
Authenticated Persons can print to SavaPage without being logged in to the Web App.
A SavaPage Print Queue whose print jobs are trusted to originate from Authenticated Users.
Each SavaPage Print Queue is trusted by default. However, administrators can mark SavaPage Print Queues as untrusted.
Every job of a Trusted SavaPage Queue is checked for the originating User. When this user is an Abstract User, SavaPage uses IP Based Authentication to deduce the associated Person. When the Person cannot be deduced, the job is ignored.
Note that the “trust” qualification is for SavaPage internal use only, and is not related to network domain trust in any way.
SavaPage Print Queues are IPP based and, from a network point of view, are publicly accessible by nature.
In the Microsoft Active Directory world, IPP Printers cannot be encapsulated as a native domain resource and subjected to native domain access control like JetDirect compatible devices. This is why SavaPage does not bet on native domain trust alone, and accepts public network access as a given fact. But even in this case, SavaPage Print Queues can still be internally trusted if access is limited to authorized users on a network level. Stated the other way round: administrators need to prevent users who connect to the network unauthenticated, e.g. with their personal laptop, from using Trusted SavaPage Queues. SavaPage lends a helping hand here with an option to restrict print queue usage to a specific range of IP addresses. This makes it possible, for instance, to deny trusted queue access to wireless users who get their IP addresses from a distinct DHCP server issuing leases from a distinct IP range.
When non-domain users are allowed to print to Trusted SavaPage Printers, an accidental match with a Synchronized Person may lead to undesirable results.
A SavaPage Print Queue where print jobs are not trusted to originate from Authenticated Users.
Deduction of the printing Person by matching the IPv4 address of the originating host of the print job with the authenticated SavaPage Web App Session on the same host.
Deduction of the printing Person using the email address of the sender.
A User defined on a local device.
An Abstract User defined on a local device.
A Person defined on a local device.
An alternative name for a User.
For more information see Section 13.4, “User Name Aliases”.
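The handling of a job on a Trusted SavaPage Queue described above (IP range restriction, trusted user name, IP Based Authentication, ignored job) can be modelled as follows. This is an added example, not SavaPage code: the function names, the directory and session tables and all addresses are constructed for illustration, and treating a user name that is not in the directory like an Abstract User is an assumption of the model.

```python
import ipaddress

# Constructed sample data (not from SavaPage): user directory and Web App sessions.
DIRECTORY = {"alice": "person", "bob": "person", "helpdesk": "abstract"}
SESSIONS = {"10.0.1.20": "bob"}   # IPv4 of host -> Person logged in to the Web App there
WIRED = ["10.0.1.0/24"]           # IP range allowed on the trusted queue


def in_ranges(ip, cidrs):
    """True when ip falls inside any of the CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def resolve_trusted_job(user, ip, allowed=None, directory=DIRECTORY, sessions=SESSIONS):
    """Return (person, reason) for a job on a trusted queue; person is None when dropped."""
    # Optional queue restriction: refuse hosts outside the allowed IP ranges.
    if allowed and not in_ranges(ip, allowed):
        return None, "rejected: outside allowed IP range"
    # A job user that is a Person is trusted as-is; no Web App login is required.
    if directory.get(user) == "person":
        return user, "trusted user name"
    # Abstract User (assumption: unknown names are handled the same way):
    # IP Based Authentication against the Web App session on the same host.
    person = sessions.get(ip)
    if person is not None:
        return person, "ip based authentication"
    return None, "ignored: person cannot be deduced"


if __name__ == "__main__":
    cases = [
        ("alice", "10.0.1.10", WIRED),     # Person on the wired LAN
        ("helpdesk", "10.0.1.20", WIRED),  # Abstract User, bob logged in on that host
        ("helpdesk", "10.0.1.30", WIRED),  # Abstract User, no session on that host
        ("alice", "10.0.9.5", None),       # unmanaged laptop, local account named alice
        ("alice", "10.0.9.5", WIRED),      # same job with the range restriction set
    ]
    for user, ip, allowed in cases:
        print(user, ip, allowed, "->", resolve_trusted_job(user, ip, allowed))
```

The last two cases show the accidental match with a Synchronized Person: without a range restriction the job from the unmanaged host is assigned to `alice`, and with the restriction it is refused.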