...
| Gliffy Diagram | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Option 1
a.
Build a new base table (ASPEC) to replace the Authorization table. In the new table, instead of Kerberos_name field, make it agent_identifier field. Expand the length of the field to 60 characters (longer?) to accommodate usernames that include a domain, e.g., username@xxxxxxx.xxxxxxxx
...
- Only include records where the username matches \*@mit.edu (mailto:*@mit.edu)
- Include a field Kerberos_name that is the username field with "*@mit.edu" stripped off
...
- original_agent_id_type_code
- original_username
- mapped_agent_id_type_code
- mapped_username
k.
New table Cat_Default_AuthN. Each record in this table maps one record in the Agent_ID_Type table to another record in the Category table, indicating one of the default allowable Agent_ID_Types allowable for Functions within the given Category. The allowable Agent_ID_Types can be set either at the Category level (i.e., applies to all Functions within the Category) or the Function level. If at least one record exists in the Function_AuthN table for a given Function, then the allowable Agent_ID_Types for that Function are gotten from the Function_AuthN table, and the Cat_Default_AuthN table is ignored for that Function.
- Function_Category
- Agent_ID_Type
- mapped_agent_id_type_code
- mapped_username
...