Developer Requirements

Created by Catherine T Iannuzzo, last modified by Norman J Wright on Feb 13, 2007 06:21

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Authentication Requirements

Cannot just get a String, need to be able interrogate type of token.

User user = securityMgr.getCurrentUser ();
user.getType (); (i.e. Kerberos, MIT ID, email address, Alumni ID, etc)
user.convertTo (type); - allows programmer to convert between supported types

Service layer access to authenticated user without having it explicitly passed in each call

i.e. User user = securityMgr.getCurrentUser (); works on service layer just as it does on the web tier
A way to do machine to machine authentication (or app to app authentication)
An ability to invoke service method on behalf of a named business user

Ability to impersonate another for testing just within a particular application

Grant Impersonate to X for application Y
UI to let X type in user Z to impersonate them within the rest of the application
User user = securityMgr.getCurrentUser (); // must return Z
User user = securityMgr.getTrueUser (); // optional to return X

Authorization requirements

Below are the documents that came out of the GASP/ISDA meetings:

AuthorizationModelForCombiningExplicitAndImplicitAuthorizations.vsd

GASP Authentication Issues.doc

GASP Authorization Issues.doc

No labels