Difference between revisions of "Authentication Materials"
(→Proposal for Goal #2) |
|||
Line 1: | Line 1: | ||
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}} | {{#eclipseproject:technology.higgins|eclipse_custom_style.css}} | ||
[[Image:Higgins_logo_76Wx100H.jpg|right]] | [[Image:Higgins_logo_76Wx100H.jpg|right]] | ||
+ | |||
== About == | == About == | ||
This page describes the concept of [[Authentication Materials]] used in the [[Context Data Model 1.1]]. [[Authentication Materials]] are needed to open a [[Context]]. | This page describes the concept of [[Authentication Materials]] used in the [[Context Data Model 1.1]]. [[Authentication Materials]] are needed to open a [[Context]]. | ||
Line 7: | Line 8: | ||
Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to [[Context Provider]] implementations. | Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to [[Context Provider]] implementations. | ||
− | == | + | == Authentication Material Types == |
− | + | The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials: | |
− | + | <pre> | |
− | # | + | public static final String AUTHNMATERIALS_TYPE_ANONYMOUS = "urn:udi:authnmaterials:1.0:anonymous"; |
− | # | + | public static final String AUTHNMATERIALS_TYPE_LEASTPRIVILEGED = "urn:udi:authnmaterials:1.0:leastPrivileged"; |
− | + | public static final String AUTHNMATERIALS_TYPE_IMPLIED = "urn:udi:authnmaterials:1.0:implied"; | |
− | + | public static final String AUTHNMATERIALS_TYPE_USERNAMEPASSWORD = "urn:udi:authnmaterials:1.0:usernamePassword"; | |
+ | public static final String AUTHNMATERIALS_TYPE_PINFOCARD = "urn:udi:authnmaterials:1.0:p-infocard"; | ||
+ | public static final String AUTHNMATERIALS_TYPE_MINFOCARD = "urn:udi:authnmaterials:1.0:m-infocard"; | ||
+ | public static final String AUTHNMATERIALS_TYPE_SAMLPOLICY = "urn:udi:authnmaterials:1.0:samlpolicy"; | ||
+ | </pre> | ||
+ | |||
+ | # This is needed in scenarios when you do not know a priori what type(s) of Authentication Materials a [[Context]] accepts. | ||
+ | # For example, for [[R-Card]]s we use [[UDI]]s to point to Higgins [[Context]]s and [[Entity|Entities]]. When a [[UDI]] is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
* The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials) | * The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials) | ||
** In the case of '''urn:higgins:authmethod:1.0:m-infocard''' this additional information could be a base64 encoded I-Card <object> element. | ** In the case of '''urn:higgins:authmethod:1.0:m-infocard''' this additional information could be a base64 encoded I-Card <object> element. | ||
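Review bot: the two numbered items added after the closing </pre> ("# This is needed in scenarios ...") now sit directly under the constants block with no antecedent for "This"; name the subject, for example "These type identifiers are needed ...". The unchanged bullet that follows still cites urn:higgins:authmethod:1.0:m-infocard, while the added constant AUTHNMATERIALS_TYPE_MINFOCARD is "urn:udi:authnmaterials:1.0:m-infocard". A consumer that matches on the string will treat these as different types, so either update the bullet or state that both forms are accepted.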
Line 31: | Line 29: | ||
</pre> | </pre> | ||
* The special identifier '''urn:higgins:authmethod:1.0:implied''' means that ''the party trying to open the Context must somehow know by itself what Authentication Materials to use''. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials. | * The special identifier '''urn:higgins:authmethod:1.0:implied''' means that ''the party trying to open the Context must somehow know by itself what Authentication Materials to use''. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:Context Data Model 1.1]] | [[Category:Context Data Model 1.1]] |
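Review bot: the retained bullet for the implied case still names urn:higgins:authmethod:1.0:implied, but AUTHNMATERIALS_TYPE_IMPLIED added earlier in this revision is "urn:udi:authnmaterials:1.0:implied". Align the bullet with the constant so the page documents a single identifier for the implied type.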
Revision as of 17:54, 29 April 2009
About
This page describes the concept of Authentication Materials used in the Context Data Model 1.1. Authentication Materials are needed to open a Context.
Current Situation
Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to Context Provider implementations.
Authentication Material Types
The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials:
<pre>
public static final String AUTHNMATERIALS_TYPE_ANONYMOUS = "urn:udi:authnmaterials:1.0:anonymous";
public static final String AUTHNMATERIALS_TYPE_LEASTPRIVILEGED = "urn:udi:authnmaterials:1.0:leastPrivileged";
public static final String AUTHNMATERIALS_TYPE_IMPLIED = "urn:udi:authnmaterials:1.0:implied";
public static final String AUTHNMATERIALS_TYPE_USERNAMEPASSWORD = "urn:udi:authnmaterials:1.0:usernamePassword";
public static final String AUTHNMATERIALS_TYPE_PINFOCARD = "urn:udi:authnmaterials:1.0:p-infocard";
public static final String AUTHNMATERIALS_TYPE_MINFOCARD = "urn:udi:authnmaterials:1.0:m-infocard";
public static final String AUTHNMATERIALS_TYPE_SAMLPOLICY = "urn:udi:authnmaterials:1.0:samlpolicy";
</pre>
- These type identifiers are needed in scenarios where you do not know a priori what type(s) of Authentication Materials a Context accepts.
- For example, for R-Cards we use UDIs to point to Higgins Contexts and Entities. When a UDI is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.
- The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials)
  - In the case of urn:higgins:authmethod:1.0:m-infocard, this additional information could be a base64-encoded I-Card <object> element:
<pre>
urn:higgins:authmethod:1.0:m-infocard?policyhere
</pre>
- The special identifier urn:higgins:authmethod:1.0:implied means that the party trying to open the Context must somehow know by itself what Authentication Materials to use. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.
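The following is an added example, not Higgins project code: one way a consumer could parse a type identifier obtained from a resolved UDI, fail closed on unknown types, and strictly decode the base64 query string of an m-infocard identifier. It assumes the query-string convention described above also applies to the urn:udi:authnmaterials:1.0: constants; the class name AuthnTypeId, the size cap and the use of standard (non-URL-safe) base64 are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

public class AuthnTypeId {
    // Prefix and type names copied from the IAuthNMaterials constants above.
    static final String PREFIX = "urn:udi:authnmaterials:1.0:";
    static final Set<String> KNOWN = Set.of("anonymous", "leastPrivileged", "implied",
            "usernamePassword", "p-infocard", "m-infocard", "samlpolicy");
    static final int MAX_QUERY_CHARS = 64 * 1024; // assumed cap, not from the page

    final String type;   // e.g. "m-infocard"
    final String query;  // raw text after '?', or null when absent
    final byte[] card;   // decoded I-Card bytes (m-infocard only), else null

    private AuthnTypeId(String t, String q, byte[] c) { type = t; query = q; card = c; }

    /** Splits "type?query", rejects unknown types, strictly decodes an m-infocard payload. */
    static AuthnTypeId parse(String id) {
        int q = id.indexOf('?');
        String base = q < 0 ? id : id.substring(0, q);
        String query = q < 0 ? null : id.substring(q + 1);
        if (!base.startsWith(PREFIX) || !KNOWN.contains(base.substring(PREFIX.length())))
            throw new IllegalArgumentException("unknown authentication materials type");
        if (query != null && query.length() > MAX_QUERY_CHARS)
            throw new IllegalArgumentException("query string too long");
        String type = base.substring(PREFIX.length());
        byte[] card = null;
        if (query != null && type.equals("m-infocard")) {
            // The basic decoder throws IllegalArgumentException on characters outside
            // the standard alphabet. Assumes standard, non-URL-safe base64.
            card = Base64.getDecoder().decode(query);
        }
        return new AuthnTypeId(type, query, card);
    }

    public static void main(String[] args) {
        // Constructed sample: a placeholder <object> element, not a real I-Card.
        String b64 = Base64.getEncoder()
                .encodeToString("<object type=\"example\"/>".getBytes(StandardCharsets.UTF_8));
        AuthnTypeId a = parse(PREFIX + "m-infocard?" + b64);
        System.out.println(a.type + ": " + a.card.length + " card bytes");
        System.out.println(parse(PREFIX + "implied").type + ": no query");
        try {
            parse(PREFIX + "kerberos"); // not one of the listed types
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The decoded bytes are still untrusted input; any XML parsing of the I-Card element should happen separately with external entities disabled.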