Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Authentication Materials"
Line 7: | Line 7: | ||
== Authentication Material Types == | == Authentication Material Types == | ||
− | The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials: | + | |
+ | In certain situations, it is helpful to have identifiers for common types of Authentication Materials: | ||
+ | * For example, for [[R-Card]]s we use [[UDI]]s to point to Higgins [[Context]]s and [[Entity|Entities]]. When a [[UDI]] is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to. | ||
+ | * [[UDI]]s are used for implementing [[R-Card]]s | ||
+ | |||
+ | The interface '''IAuthNMaterials''' defines the following string identifiers for common types of Authentication Materials: | ||
<pre> | <pre> | ||
urn:udi:authnmaterials:1.0:anonymous | urn:udi:authnmaterials:1.0:anonymous | ||
Line 18: | Line 23: | ||
</pre> | </pre> | ||
− | + | Notes: | |
− | + | ||
* The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials) | * The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials) | ||
− | ** | + | ** For example, in the case of '''urn:higgins:authmethod:1.0:m-infocard''' this additional information could be a base64 encoded I-Card <object> element: |
<pre> | <pre> | ||
− | urn:higgins:authmethod:1.0:m-infocard? | + | urn:higgins:authmethod:1.0:m-infocard?encoded-object-element |
</pre> | </pre> | ||
* The special identifier '''urn:higgins:authmethod:1.0:implied''' means that ''the party trying to open the Context must somehow know by itself what Authentication Materials to use''. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials. | * The special identifier '''urn:higgins:authmethod:1.0:implied''' means that ''the party trying to open the Context must somehow know by itself what Authentication Materials to use''. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials. | ||
[[Category:Context Data Model 1.1]] | [[Category:Context Data Model 1.1]] |
Revision as of 17:53, 1 May 2009
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
About
This page describes the concept of Authentication Materials used in the Context Data Model 1.1. Authentication Materials are needed to open a Context.
Authentication Materials are classes which implement the IdAS IAuthNMaterials interface. This is only a marker interface without methods.
Authentication Material Types
In certain situations, it is helpful to have identifiers for common types of Authentication Materials:
- For example, for R-Cards we use UDIs to point to Higgins Contexts and Entities. When a UDI is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.
- UDIs are used for implementing R-Cards
The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials:
urn:udi:authnmaterials:1.0:anonymous urn:udi:authnmaterials:1.0:leastPrivileged urn:udi:authnmaterials:1.0:implied urn:udi:authnmaterials:1.0:usernamePassword urn:udi:authnmaterials:1.0:p-infocard urn:udi:authnmaterials:1.0:m-infocard urn:udi:authnmaterials:1.0:samlpolicy
Notes:
- The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials)
- For example, in the case of urn:higgins:authmethod:1.0:m-infocard this additional information could be a base64 encoded I-Card <object> element:
urn:higgins:authmethod:1.0:m-infocard?encoded-object-element
- The special identifier urn:higgins:authmethod:1.0:implied means that the party trying to open the Context must somehow know by itself what Authentication Materials to use. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.