Difference between revisions of "Authentication Materials"

(Proposal for Goal #2)
Line 1: Line 1:
 
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
 
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
 
[[Image:Higgins_logo_76Wx100H.jpg|right]]
 
[[Image:Higgins_logo_76Wx100H.jpg|right]]
 +
 
== About ==
 
== About ==
 
This page describes the concept of [[Authentication Materials]] used in the [[Context Data Model 1.1]]. [[Authentication Materials]] are needed to open a [[Context]].
 
This page describes the concept of [[Authentication Materials]] used in the [[Context Data Model 1.1]]. [[Authentication Materials]] are needed to open a [[Context]].
Line 7: Line 8:
 
Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to [[Context Provider]] implementations.
 
Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to [[Context Provider]] implementations.
  
== Goals ==
+
== Authentication Material Types ==
We would like to be able to do the following:
+
The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials:
# Have identifiers for common types of Authentication Materials
+
<pre>
#* This is needed in scenarios when you do not know a priori what type(s) of Authentication Materials a [[Context]] accepts.
+
public static final String AUTHNMATERIALS_TYPE_ANONYMOUS = "urn:udi:authnmaterials:1.0:anonymous";
#* For example, for [[R-Card]]s we use [[UDI]]s to point to Higgins [[Context]]s and [[Entity|Entities]]. When a [[UDI]] is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.
+
public static final String AUTHNMATERIALS_TYPE_LEASTPRIVILEGED = "urn:udi:authnmaterials:1.0:leastPrivileged";
# (De-)serialize a concrete instance of Authentication Materials (e.g. to/from XML, String, etc.)
+
public static final String AUTHNMATERIALS_TYPE_IMPLIED = "urn:udi:authnmaterials:1.0:implied";
#* This is useful in scenarios in which you send Authentication Materials over the network, e.g. in IdAS REST interfaces such as http://code.bandit-project.org/trac/wiki/OTIS and the [[XDI Engine]].
+
public static final String AUTHNMATERIALS_TYPE_USERNAMEPASSWORD = "urn:udi:authnmaterials:1.0:usernamePassword";
 +
public static final String AUTHNMATERIALS_TYPE_PINFOCARD = "urn:udi:authnmaterials:1.0:p-infocard";
 +
public static final String AUTHNMATERIALS_TYPE_MINFOCARD = "urn:udi:authnmaterials:1.0:m-infocard";
 +
public static final String AUTHNMATERIALS_TYPE_SAMLPOLICY = "urn:udi:authnmaterials:1.0:samlpolicy";
 +
</pre>
 +
 
 +
# This is needed in scenarios when you do not know a priori what type(s) of Authentication Materials a [[Context]] accepts.
 +
# For example, for [[R-Card]]s we use [[UDI]]s to point to Higgins [[Context]]s and [[Entity|Entities]]. When a [[UDI]] is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.
  
== Proposal for Goal #1 ==
 
* Define the following identifiers for common types of Authentication Materials:
 
*# '''urn:higgins:authmethod:1.0:anonymous'''
 
*# '''urn:higgins:authmethod:1.0:leastPrivileged'''
 
*# '''urn:higgins:authmethod:1.0:usernamePassword'''
 
*# '''urn:higgins:authmethod:1.0:p-infocard'''
 
*# '''urn:higgins:authmethod:1.0:m-infocard'''
 
*# '''urn:higgins:authmethod:1.0:samlpolicy'''
 
*# '''urn:higgins:authmethod:1.0:implied'''
 
*# ... TODO ...
 
 
* The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials)
 
* The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials)
 
** In the case of '''urn:higgins:authmethod:1.0:m-infocard''' this additional information could be a base64 encoded I-Card <object> element.
 
** In the case of '''urn:higgins:authmethod:1.0:m-infocard''' this additional information could be a base64 encoded I-Card <object> element.
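Review bot: The added constants use the prefix urn:udi:authnmaterials:1.0:, but the query-string bullets kept as context at the end of this hunk still name urn:higgins:authmethod:1.0:m-infocard, so the page now documents two namespaces for the same type. Update the retained bullets to the new prefix, or state that both forms are accepted. The two list items re-added after the </pre> block ("This is needed in scenarios ...") also lost the goal they explained ("Have identifiers for common types of Authentication Materials"), so "This" has no antecedent; fold them into the sentence that introduces the constants.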
Line 31: Line 29:
 
</pre>
 
</pre>
 
* The special identifier '''urn:higgins:authmethod:1.0:implied''' means that ''the party trying to open the Context must somehow know by itself what Authentication Materials to use''. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.
 
* The special identifier '''urn:higgins:authmethod:1.0:implied''' means that ''the party trying to open the Context must somehow know by itself what Authentication Materials to use''. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.
 
== Proposal for Goal #2 ==
 
* Introduce an interface "IAuthnMaterials" in org.eclipse.higgins.idas.api.
 
** Make this only a marker interface without methods
 
* Make authentication materials classes simple JavaBeans, which makes it easy to (de)serialize them
 
** Remove business logic from those classes
 
** Remove reference to IContext in constructors of those classes
 
  
 
[[Category:Context Data Model 1.1]]
 
[[Category:Context Data Model 1.1]]
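Review bot: Removing "Proposal for Goal #2" deletes the only statement of where the interface lives (org.eclipse.higgins.idas.api) and of the serialization design (simple JavaBeans, no IContext reference in constructors), and goal #2 itself is also gone from the page, so a reader cannot tell whether the proposal was adopted or dropped. Keep a one-line note on the outcome. The removed text spells the interface "IAuthnMaterials" while the new section spells it "IAuthNMaterials"; settle on one spelling, and update the retained urn:higgins:authmethod:1.0:implied bullet to match the new constant.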

Revision as of 17:54, 29 April 2009

About

This page describes the concept of Authentication Materials used in the Context Data Model 1.1. Authentication Materials are needed to open a Context.

Current Situation

Currently, IdAS authentication materials in the IContext.open() call are defined to be just a java.lang.Object. This gives maximal flexibility to Context Provider implementations.

Authentication Material Types

The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials:

	public static final String AUTHNMATERIALS_TYPE_ANONYMOUS = "urn:udi:authnmaterials:1.0:anonymous";
	public static final String AUTHNMATERIALS_TYPE_LEASTPRIVILEGED = "urn:udi:authnmaterials:1.0:leastPrivileged";
	public static final String AUTHNMATERIALS_TYPE_IMPLIED = "urn:udi:authnmaterials:1.0:implied";
	public static final String AUTHNMATERIALS_TYPE_USERNAMEPASSWORD = "urn:udi:authnmaterials:1.0:usernamePassword";
	public static final String AUTHNMATERIALS_TYPE_PINFOCARD = "urn:udi:authnmaterials:1.0:p-infocard";
	public static final String AUTHNMATERIALS_TYPE_MINFOCARD = "urn:udi:authnmaterials:1.0:m-infocard";
	public static final String AUTHNMATERIALS_TYPE_SAMLPOLICY = "urn:udi:authnmaterials:1.0:samlpolicy";
  1. These identifiers are needed in scenarios where you do not know a priori what type(s) of Authentication Materials a Context accepts.
  2. For example, for R-Cards we use UDIs to point to Higgins Contexts and Entities. When a UDI is resolved, we need to know what type of Authentication Materials is needed to open the Context it points to.
  • The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials)
urn:higgins:authmethod:1.0:m-infocard?policyhere
  • The special identifier urn:higgins:authmethod:1.0:implied means that the party trying to open the Context must somehow know by itself what Authentication Materials to use. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.
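
The following is an added example, not code from the Higgins project: it shows how a party resolving a UDI might split a type identifier from its optional query string and accept only the types listed above. The class and method names are hypothetical. It assumes the query-string convention shown for urn:higgins:authmethod:1.0:m-infocard also applies to the urn:udi:authnmaterials:1.0 constants, and that an m-infocard query is standard base64 of a UTF-8 I-Card <object> element.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

// Added example: class and method names are hypothetical, not part of the Higgins IdAS API.
public class AuthnMaterialsTypeParser {

    // Values copied from the IAuthNMaterials constants listed on this page.
    private static final String PREFIX = "urn:udi:authnmaterials:1.0:";
    private static final Set<String> KNOWN_TYPES = Set.of(
            PREFIX + "anonymous", PREFIX + "leastPrivileged", PREFIX + "implied",
            PREFIX + "usernamePassword", PREFIX + "p-infocard",
            PREFIX + "m-infocard", PREFIX + "samlpolicy");

    /** Type identifier plus the optional, still untrusted, query string (null if absent). */
    public record ParsedType(String type, String query) {}

    public static ParsedType parse(String identifier) {
        if (identifier == null) {
            throw new IllegalArgumentException("identifier is null");
        }
        int q = identifier.indexOf('?');
        String type = q < 0 ? identifier : identifier.substring(0, q);
        String query = q < 0 ? null : identifier.substring(q + 1);
        // Exact, case-sensitive allowlist match: an unknown type is rejected
        // rather than silently mapped to a default such as anonymous.
        if (!KNOWN_TYPES.contains(type)) {
            throw new IllegalArgumentException("unknown Authentication Materials type: " + type);
        }
        return new ParsedType(type, query);
    }

    /** Assumption: the m-infocard query is standard base64 of a UTF-8 <object> element. */
    public static String decodeMInfoCardQuery(ParsedType parsed) {
        if (!(PREFIX + "m-infocard").equals(parsed.type()) || parsed.query() == null) {
            throw new IllegalArgumentException("no m-infocard query present");
        }
        // Base64.Decoder.decode throws IllegalArgumentException on malformed input.
        byte[] raw = Base64.getDecoder().decode(parsed.query());
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample: base64 of a placeholder <object> element.
        String card = Base64.getEncoder()
                .encodeToString("<object type=\"placeholder\"/>".getBytes(StandardCharsets.UTF_8));
        ParsedType p = parse(PREFIX + "m-infocard?" + card);
        System.out.println(p.type() + " -> " + decodeMInfoCardQuery(p));
        System.out.println(parse(PREFIX + "implied")); // no query: the caller supplies materials itself
    }
}
```

The decoded element is still input from whoever published the UDI, so it should go through a hardened XML parser before any field in it is trusted.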
