Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Authentication Service 2.0"
(New page: This page describes a new network Authentication Service 1.1. The idea would be move Higgins services to a federated model. This would mean that both the Higgins Selector and all r...) |
|||
Line 1: | Line 1: | ||
− | + | {{#eclipseproject:technology.higgins|eclipse_custom_style.css}} | |
+ | [[Image:Higgins_logo_76Wx100H.jpg|right]] | ||
− | === LICS Authentication === | + | This page describes a new network [[Authentication Service 1.1]]. The idea would be move Higgins services to a federated model. This would mean that both the Higgins Selector app (e.g. [[GTK Selector 1.1-Win]]) and all supporting services (e.g. [[I-Card Service 1.1]], [[CardSync Service 1.1]], etc.) would rely on this new, external [[Authentication Service 1.1]]. |
+ | |||
+ | === Selector changes: LICS Authentication === | ||
Changes required to the un/pw login dialog box: | Changes required to the un/pw login dialog box: | ||
* Allow the user to login not just with a "local" un/pw approach, but also via one of a number of trusted OpenID (or SAML) providers. This would mean that the user could choose between "local" login (today's approach) or by clicking on 1..N buttons that represent OpenID or SAML IdPs. | * Allow the user to login not just with a "local" un/pw approach, but also via one of a number of trusted OpenID (or SAML) providers. This would mean that the user could choose between "local" login (today's approach) or by clicking on 1..N buttons that represent OpenID or SAML IdPs. |
Revision as of 02:35, 30 July 2009
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
This page describes a new network Authentication Service 1.1. The idea would be move Higgins services to a federated model. This would mean that both the Higgins Selector app (e.g. GTK Selector 1.1-Win) and all supporting services (e.g. I-Card Service 1.1, CardSync Service 1.1, etc.) would rely on this new, external Authentication Service 1.1.
Selector changes: LICS Authentication
Changes required to the un/pw login dialog box:
- Allow the user to login not just with a "local" un/pw approach, but also via one of a number of trusted OpenID (or SAML) providers. This would mean that the user could choose between "local" login (today's approach) or by clicking on 1..N buttons that represent OpenID or SAML IdPs.
- There could be a checkbox: "Clear all data from this machine when quitting this application"
- The login module would initiate an OpenID/Oauth interaction with the IdP.
- The login module would (through browser redirect back) end up with an access token
- The Local I-Card Service Package would send this access token on every message to the I-Card Service 1.1, CardSync Service 1.1, IdAS Proxy Service 1.1 and the Attribute Service 1.1.