Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Authentication Service 2.0"
(→Selector changes: LICS Authentication) |
(→Selector changes: LICS Authentication) |
||
| Line 11: | Line 11: | ||
=== Selector changes: LICS Authentication === | === Selector changes: LICS Authentication === | ||
Changes required to the un/pw login dialog box: | Changes required to the un/pw login dialog box: | ||
| − | * Allow the user to login not just with a "local" un/pw approach, but also via one of a number of trusted OpenID | + | * Allow the user to login not just with a "local" un/pw approach, but also via one of a number of trusted OpenID providers. This would mean that the user could choose between "local" login (today's approach) or by clicking on 1..N buttons that represent OpenID or SAML IdPs. |
* The login module would initiate an OpenID/OAuth interaction with the IdP. It would only initiate OpenID/OAuth to hard-coded list of IdPs. | * The login module would initiate an OpenID/OAuth interaction with the IdP. It would only initiate OpenID/OAuth to hard-coded list of IdPs. | ||
* The login module would (through browser redirect back) end up with an access token | * The login module would (through browser redirect back) end up with an access token | ||
| Line 18: | Line 18: | ||
While we're making changes to the login module: | While we're making changes to the login module: | ||
* There could be a checkbox: "Clear all data from this machine when quitting this application". If checked, the LICS would delete all locally stored data from the machine when the Azigo app quit. | * There could be a checkbox: "Clear all data from this machine when quitting this application". If checked, the LICS would delete all locally stored data from the machine when the Azigo app quit. | ||
| − | |||
=== Changes to Selector-Supporting Services === | === Changes to Selector-Supporting Services === | ||
The [[I-Card Service 1.1]], [[CardSync Service 1.1]], [[IdAS Proxy Service 1.1]] and the [[Attribute Service 1.1]] would all need to be changed to rely on the access token generated by the [[Authentication Service 1.1]] for authentication. | The [[I-Card Service 1.1]], [[CardSync Service 1.1]], [[IdAS Proxy Service 1.1]] and the [[Attribute Service 1.1]] would all need to be changed to rely on the access token generated by the [[Authentication Service 1.1]] for authentication. | ||
Revision as of 02:50, 30 July 2009
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
This page describes a new network Authentication Service 1.1. The idea would be move Higgins services to a federated model. This would mean that both the Higgins Selector app (e.g. GTK Selector 1.1-Win) and all supporting services (e.g. I-Card Service 1.1, CardSync Service 1.1, etc.) would rely on this new, external Authentication Service 1.1.
Service
- First version should be an OpenID OP and use OAuth for returning the access token
- Would authenticate using a combination of (i) a manually typed in un/pw + (ii) POP of a client-serialized-key + (perhaps) (iii) some digital fingerprint data from the machine
- Returns access token in browser redirect
Selector changes: LICS Authentication
Changes required to the un/pw login dialog box:
- Allow the user to login not just with a "local" un/pw approach, but also via one of a number of trusted OpenID providers. This would mean that the user could choose between "local" login (today's approach) or by clicking on 1..N buttons that represent OpenID or SAML IdPs.
- The login module would initiate an OpenID/OAuth interaction with the IdP. It would only initiate OpenID/OAuth to hard-coded list of IdPs.
- The login module would (through browser redirect back) end up with an access token
- The Local I-Card Service Package would send this access token on every message to the I-Card Service 1.1, CardSync Service 1.1, IdAS Proxy Service 1.1 and the Attribute Service 1.1.
While we're making changes to the login module:
- There could be a checkbox: "Clear all data from this machine when quitting this application". If checked, the LICS would delete all locally stored data from the machine when the Azigo app quit.
Changes to Selector-Supporting Services
The I-Card Service 1.1, CardSync Service 1.1, IdAS Proxy Service 1.1 and the Attribute Service 1.1 would all need to be changed to rely on the access token generated by the Authentication Service 1.1 for authentication.