For cooperative work over the Internet, it is essential that everybody can be reasonably sure that a BSCW user is really a specific individual. BSCW uses email addresses as a basis for authentication.

The registration procedure is based on two assumptions:

• A prospective BSCW user has at least one, possibly more, valid personal email address(es).
• Email to a personal email address cannot be read by third parties without the consent of the addressee; the danger that email is intercepted during transport over the Internet or on the user's computer system is deliberately neglected.

Though not valid in general, the second assumption seems acceptable for public BSCW servers. It allows public BSCW servers to use a registration procedure with a good combination of flexibility (users may register without administrator intervention) and traceability (in the case of problems, the server administrator can identify the users via their email addresses and contact them).

Note:

Your BSCW server may also be operated using a secure SSL (Secure Socket Layer) compatible Internet connection. Additionally, you may authenticate yourself using X.509 Client Certificates instead of the comparatively unsecure basic authentication. Ask your system administrator about security options.