Authentication Requirements
- Cannot just return a String; callers need to be able to interrogate the type of the token.
- User = Security.getCurrentUser()
- getType() (e.g. Kerberos, MIT ID, email address, Alumni ID, etc.)
- convertTo(type) - allows the programmer to convert between the supported token types
- Service layer access to the authenticated user without having it explicitly passed in each call*
- A way to do machine-to-machine authentication (or app-to-app authentication)
- * An ability to invoke a service method on behalf of a named business user
- Ability to impersonate another user for testing, limited to a particular application - grant Impersonate to X for application Y
- UI to let X type in user Z to impersonate them
- The above methods for getCurrentUser() must return
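The API sketched in the list above, as an added Python example; it is not MIT's code and not taken from the GASP/ISDA documents. Everything beyond the listed method names is an assumption for the example: a thread-local security context that the web/auth tier binds once per request, a constructed in-memory identity map behind convertTo(), an APPLICATION principal type for app-to-app callers, and an in-memory grant table of (user, application) pairs standing in for "grant Impersonate to X for application Y".

```python
import threading
from contextlib import contextmanager
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class PrincipalType(Enum):
    """Token types named on the page; APPLICATION is assumed, for app-to-app auth."""
    KERBEROS = "kerberos"
    MIT_ID = "mit_id"
    EMAIL = "email"
    ALUMNI_ID = "alumni_id"
    APPLICATION = "application"


# Constructed sample identity records (hypothetical people, not real data).
_RECORDS = [
    {PrincipalType.KERBEROS: "jdoe", PrincipalType.MIT_ID: "900000001",
     PrincipalType.EMAIL: "jdoe@example.edu"},
    {PrincipalType.KERBEROS: "asmith", PrincipalType.MIT_ID: "900000002",
     PrincipalType.ALUMNI_ID: "A-0002"},
]
_INDEX = {(t, v): rec for rec in _RECORDS for t, v in rec.items()}

# Constructed grant table (assumption): (grantee type, grantee id, application).
# asmith may impersonate anyone, but only inside the "payroll-test" application.
_IMPERSONATE_GRANTS = {(PrincipalType.KERBEROS, "asmith", "payroll-test")}


@dataclass(frozen=True)
class User:
    type: PrincipalType
    value: str
    on_behalf_of: Optional["User"] = None    # app acting for a named business user
    impersonated_by: Optional["User"] = None  # real person behind an impersonation

    def getType(self) -> PrincipalType:
        return self.type

    def convertTo(self, target: PrincipalType) -> "User":
        """Translate this token to another supported type via the identity map."""
        if target is self.type:
            return self
        rec = _INDEX.get((self.type, self.value))
        if rec is None or target not in rec:
            raise LookupError(f"no {target.value} mapping for {self.type.value}:{self.value}")
        return User(target, rec[target], self.on_behalf_of, self.impersonated_by)

    def effectiveUser(self) -> "User":
        """The business user that authorization decisions should be made for."""
        return self.on_behalf_of if self.on_behalf_of else self


_ctx = threading.local()  # assumed per-thread context, bound by the web/auth tier


class Security:
    @staticmethod
    def getCurrentUser() -> User:
        user = getattr(_ctx, "user", None)
        if user is None:
            raise PermissionError("no authenticated user bound to this thread")
        return user

    @staticmethod
    @contextmanager
    def login(user: User):
        """Bind a principal to the thread and restore the previous one on exit."""
        prev = getattr(_ctx, "user", None)
        _ctx.user = user
        try:
            yield user
        finally:
            _ctx.user = prev

    @staticmethod
    @contextmanager
    def onBehalfOf(business_user: User):
        """A machine caller invokes service methods as a named business user."""
        app = Security.getCurrentUser()
        if app.getType() is not PrincipalType.APPLICATION:
            raise PermissionError("only application principals may act on behalf of a user")
        with Security.login(User(app.type, app.value, on_behalf_of=business_user)) as u:
            yield u

    @staticmethod
    @contextmanager
    def impersonate(target: User, application: str):
        """X becomes Z, only if X holds an Impersonate grant for this application."""
        actor = Security.getCurrentUser()
        if actor.impersonated_by is not None:
            raise PermissionError("nested impersonation is not allowed")
        if (actor.getType(), actor.value, application) not in _IMPERSONATE_GRANTS:
            raise PermissionError(f"{actor.value} may not impersonate in {application}")
        with Security.login(User(target.type, target.value, impersonated_by=actor)) as u:
            yield u


def service_lookup_mit_id() -> str:
    """Service-layer method: the caller comes from the context, nothing is passed in."""
    return Security.getCurrentUser().effectiveUser().convertTo(PrincipalType.MIT_ID).value


def can_impersonate(actor: User, target: User, application: str) -> bool:
    """What the impersonation UI would check before letting X type in user Z."""
    with Security.login(actor):
        try:
            with Security.impersonate(target, application):
                return True
        except PermissionError:
            return False


def demo():
    """Exercise the three access paths; returns the MIT ID each path resolves to."""
    jdoe = User(PrincipalType.KERBEROS, "jdoe")
    asmith = User(PrincipalType.KERBEROS, "asmith")
    with Security.login(jdoe):
        direct = service_lookup_mit_id()
    with Security.login(User(PrincipalType.APPLICATION, "batch-loader")):
        with Security.onBehalfOf(asmith):
            delegated = service_lookup_mit_id()
    with Security.login(asmith):
        with Security.impersonate(jdoe, "payroll-test"):
            impersonated = service_lookup_mit_id()
    return direct, delegated, impersonated
```

The point of keeping `on_behalf_of` and `impersonated_by` on the User object rather than overwriting the principal is that the service layer can still audit who the real caller was, while `effectiveUser()` gives authorization checks the business user they should evaluate; the application scope on the grant is what stops a test-only Impersonate right from carrying over into another application.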
Authorization Requirements
Below are the documents that came out of the GASP/ISDA meetings:
AuthorizationModelForCombiningExplicitAndImplicitAuthorizations.vsd
...