Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Authentication Materials"
(→Goals) |
|||
| Line 9: | Line 9: | ||
== Goals == | == Goals == | ||
We would like to be able to do the following: | We would like to be able to do the following: | ||
| − | + | # Have identifiers for common types of Authentication Materials | |
** This is needed in scenarios when you do not know a priori what type(s) of Authentication Materials a [[Context]] accepts. | ** This is needed in scenarios when you do not know a priori what type(s) of Authentication Materials a [[Context]] accepts. | ||
** For example, for [[R-Card]]s we use [[UDI]]s to point to Higgins [[Context]]s and [[Entity|Entities]]. When a [[UDI]] is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to. | ** For example, for [[R-Card]]s we use [[UDI]]s to point to Higgins [[Context]]s and [[Entity|Entities]]. When a [[UDI]] is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to. | ||
| − | + | # (De-)serialize a concrete instance of Authentication Materials (e.g. to/from XML, String, etc.) | |
** This is useful in scenarios in which you send Authentication Materials over the network, e.g. in IdAS REST interfaces such as http://code.bandit-project.org/trac/wiki/OTIS and the [[XDI Engine]]. | ** This is useful in scenarios in which you send Authentication Materials over the network, e.g. in IdAS REST interfaces such as http://code.bandit-project.org/trac/wiki/OTIS and the [[XDI Engine]]. | ||
| − | == Proposal == | + | == Proposal for Goal #1 == |
| − | + | ||
* Define the following identifiers for common types of Authentication Materials: | * Define the following identifiers for common types of Authentication Materials: | ||
*# urn:higgins:authmethod:1.0:usernamePassword | *# urn:higgins:authmethod:1.0:usernamePassword | ||
*# urn:higgins:authmethod:1.0:anonymous | *# urn:higgins:authmethod:1.0:anonymous | ||
| − | *# urn:higgins:authmethod:1.0:infocard | + | *# urn:higgins:authmethod:1.0:p-infocard |
| + | *# urn:higgins:authmethod:1.0:m-infocard | ||
*# urn:higgins:authmethod:1.0:samlpolicy | *# urn:higgins:authmethod:1.0:samlpolicy | ||
*# ... TODO ... | *# ... TODO ... | ||
| + | * Make it possible to pass additional information in the identifier, e.g. a RP's security policy (the semantics of what's in an I-Card <object> tag). This could be done by using the query string of the identifier, e.g. | ||
| + | urn:higgins:authmethod:1.0:m-infocard?policyhere | ||
| + | |||
| + | == Proposal for Goal #2 == | ||
* Introduce an interface "IAuthnMaterials" in org.eclipse.higgins.idas.api. | * Introduce an interface "IAuthnMaterials" in org.eclipse.higgins.idas.api. | ||
** Make this only a marker interface without methods | ** Make this only a marker interface without methods | ||
| − | ** As a convention, implementations of this interface should | + | ** As a convention, implementations of this interface should provide a '''toString()''' method that can serialize the Authentication Materials to a String, and a constructor with the arguments '''(IContext, String)''', which can be used to reconstruct the Authentication Materials from the String. |
[[Category:Context Data Model 1.1]] | [[Category:Context Data Model 1.1]] | ||
Revision as of 11:42, 10 March 2009
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
About
This page describes the concept of Authentication Materials used in the Context Data Model 1.1. Authentication Materials are needed to open a Context.
Current Situation
Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to Context Provider implementations.
Goals
We would like to be able to do the following:
- Have identifiers for common types of Authentication Materials
- This is needed in scenarios when you do not know a priori what type(s) of Authentication Materials a Context accepts.
- For example, for R-Cards we use UDIs to point to Higgins Contexts and Entities. When a UDI is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.
- (De-)serialize a concrete instance of Authentication Materials (e.g. to/from XML, String, etc.)
- This is useful in scenarios in which you send Authentication Materials over the network, e.g. in IdAS REST interfaces such as http://code.bandit-project.org/trac/wiki/OTIS and the XDI Engine.
Proposal for Goal #1
- Define the following identifiers for common types of Authentication Materials:
- Make it possible to pass additional information in the identifier, e.g. a RP's security policy (the semantics of what's in an I-Card <object> tag). This could be done by using the query string of the identifier, e.g.
urn:higgins:authmethod:1.0:m-infocard?policyhere
Proposal for Goal #2
- Introduce an interface "IAuthnMaterials" in org.eclipse.higgins.idas.api.
- Make this only a marker interface without methods
- As a convention, implementations of this interface should provide a toString() method that can serialize the Authentication Materials to a String, and a constructor with the arguments (IContext, String), which can be used to reconstruct the Authentication Materials from the String.