Authentication Materials

{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}

About

This page describes the concept of Authentication Materials used in the Context Data Model 1.1. Authentication Materials are needed to open a Context. For example, in the case of opening an LDAP Context, a username and password may be required.

Authentication Materials are classes which implement the IdAS IAuthNMaterials interface. This is only a marker interface without methods.

Authentication Material Types

In certain situations, it is helpful to have identifiers for common types of Authentication Materials:

• For example, for R-Cards we use UDIs to point to Higgins Contexts and Entities. When a UDI is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.
• UDIs are used for implementing R-Cards

The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials:

urn:udi:authnmaterials:1.0:anonymous
urn:udi:authnmaterials:1.0:leastPrivileged
urn:udi:authnmaterials:1.0:implied
urn:udi:authnmaterials:1.0:usernamePassword
urn:udi:authnmaterials:1.0:p-infocard
urn:udi:authnmaterials:1.0:m-infocard
urn:udi:authnmaterials:1.0:samlpolicy

Notes:

• The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials)
  • For example, in the case of urn:higgins:authmethod:1.0:m-infocard this additional information could be a base64 encoded I-Card <object> element:

urn:higgins:authmethod:1.0:m-infocard?encoded-object-element

• The special identifier urn:higgins:authmethod:1.0:implied means that the party trying to open the Context must somehow know by itself what Authentication Materials to use. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.