Authentication Requirements
Use Cases
- NAMED SUBSET OF MIT COMMUNITY: Standard Administrative Applications
1. UNSECURE PORT: If the user tries to enter the application via a non-SSL (unsecure) port, then the application should display a page that does the following:
   - Displays a statement saying that this application requires a client certificate.
   - Displays a link telling the user how to obtain an MIT-issued certificate.
   - Gives the user the SSL version of the URL to click.
2. NO CERTIFICATE: If the user tries to enter the application via the SSL (secure) port and the user does NOT have a valid MIT-issued client-side certificate, then the user should be routed to the non-SSL port in (1) above.
3. NO AUTHORIZATIONS: If the user has a valid client certificate but does not have ANY authorizations for this particular application, then the application should display a page that tells the user who to contact to get the required authorization.
4. VALID USER: If the user has a valid client certificate AND at least one authorization for this particular application, then the user should be allowed into the application.
5. SWITCHING: If the user first comes in via the SSL port and then switches to the unsecure port, the application should detect this and present the same page as in (1) above.
6. MIDDLE OF APPLICATION: If a valid user first comes into the application at some URL that is NOT the main entry point for the application, the programmer needs the OPTION to prevent this and route the user to the main entry point instead.
7. IMPERSONATE: If the user has a valid client certificate PLUS a special "impersonate" authorization and goes to a special impersonate entry point, then the user should be prompted for the person whom they wish to impersonate.
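The use cases above form one decision tree: transport check, then certificate check, then authorization check, then entry-point checks. The following Python is an added example (not MIT's code) that encodes that tree as a single stateless function; the outcome names, the `impersonate` authorization string, the `/impersonate` path and the fail-closed handling of the impersonate entry point without the matching authorization are assumptions, since the requirements do not specify them.

```python
from dataclasses import dataclass
from enum import Enum

# Authorization that unlocks the impersonate entry point (name assumed)
IMPERSONATE_AUTHZ = "impersonate"

class Outcome(Enum):
    CERT_REQUIRED_PAGE = "non-SSL page: cert required, how to get one, SSL link"
    REDIRECT_TO_UNSECURE = "route to the non-SSL port"
    CONTACT_PAGE = "page telling the user who to contact for authorization"
    REDIRECT_TO_MAIN = "route to the application's main entry point"
    PROMPT_IMPERSONATE = "prompt for the person to impersonate"
    ALLOW = "admit the user"

@dataclass(frozen=True)
class Request:
    is_ssl: bool               # arrived on the SSL (secure) port?
    has_valid_cert: bool       # presented a valid MIT-issued client certificate?
    authorizations: frozenset  # authorizations held for this application
    path: str                  # URL path requested

def decide(req, main_entry="/", impersonate_entry="/impersonate",
           enforce_main_entry=False):
    """Map one request to the use-case outcome from the requirements list."""
    # UNSECURE PORT and SWITCHING: every non-SSL request, whether it is the
    # first one or follows an SSL session, gets the certificate-required
    # page. Because the check is stateless, dropping from SSL to the
    # unsecure port mid-session is caught exactly like a fresh arrival.
    if not req.is_ssl:
        return Outcome.CERT_REQUIRED_PAGE
    # NO CERTIFICATE: SSL port but no valid client cert.
    if not req.has_valid_cert:
        return Outcome.REDIRECT_TO_UNSECURE
    # NO AUTHORIZATIONS: a certificate identifies, it does not authorize.
    if not req.authorizations:
        return Outcome.CONTACT_PAGE
    # IMPERSONATE: the special entry point needs the special authorization.
    # Assumption: without it, fail closed to the contact page.
    if req.path == impersonate_entry:
        if IMPERSONATE_AUTHZ in req.authorizations:
            return Outcome.PROMPT_IMPERSONATE
        return Outcome.CONTACT_PAGE
    # MIDDLE OF APPLICATION: only when the programmer opts in.
    if enforce_main_entry and req.path != main_entry:
        return Outcome.REDIRECT_TO_MAIN
    # VALID USER
    return Outcome.ALLOW

def ssl_url(host, path, ssl_port=443):
    """Build the SSL version of the URL for the certificate-required page."""
    port = "" if ssl_port == 443 else f":{ssl_port}"
    return f"https://{host}{port}{path}"
```

The order of the checks matters: the authorization check runs only after a valid certificate has identified the user, and the impersonate entry point is handled before the optional main-entry redirect so that the special entry point is never bounced to the main page.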