Authentication Requirements
Cannot just get a String; the caller needs to be able to interrogate the type of the token.
- User = Security.getCurrent ()
- getType () (i.e. Kerberos, MIT ID, email address, Alumni ID, etc)
- convertTo (type) - allows programmer to convert between supported types
Service layer access to the authenticated user without having it explicitly passed in each call
- A way to do machine to machine authentication (or app to app authentication)
- An ability to invoke a service method on behalf of a named business user
Ability to impersonate another user for testing, limited to a particular application
- Grant Impersonate to X for application Y
- UI to let X type in user Z to impersonate them
- The above methods for getCurrentUser () must return
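As an added sketch, not taken from the GASP/ISDA documents, the following Python models the requirements above: a typed principal with getType/convertTo, a current user held in context so service code need not take it as a parameter, and impersonation allowed only under an application-scoped grant. The class and function names, the directory table and the grant set are assumptions and constructed sample data.

```python
import contextvars
from dataclasses import dataclass
# Constructed sample directory standing in for a real identity lookup service.
DIRECTORY = {
    ("kerberos", "alice@EXAMPLE.EDU"): {"mit_id": "900000001", "email": "alice@example.edu"},
    ("kerberos", "bob@EXAMPLE.EDU"): {"mit_id": "900000002", "email": "bob@example.edu"},
}
@dataclass(frozen=True)
class Principal:
    """Authenticated identity that carries its token type, not a bare string."""
    value: str
    type: str  # e.g. "kerberos", "mit_id", "email", "alumni_id"

    def get_type(self) -> str:
        return self.type

    def convert_to(self, target: str) -> "Principal":
        """Map this identity to another supported type via the directory."""
        if target == self.type:
            return self
        mapped = DIRECTORY.get((self.type, self.value), {}).get(target)
        if mapped is None:
            raise LookupError(f"no {target} identity known for {self.value}")
        return Principal(mapped, target)

# Real (authenticated) and effective (possibly impersonated) users are held in
# context variables, so service code reads them instead of taking a parameter.
_real = contextvars.ContextVar("real_user", default=None)
_effective = contextvars.ContextVar("effective_user", default=None)

def login(p: Principal) -> None:
    _real.set(p)
    _effective.set(p)

def get_current_user() -> Principal:
    p = _effective.get()
    if p is None:
        raise PermissionError("no authenticated user in this context")
    return p

# Constructed grants: (grantee, application) pairs allowed to impersonate.
IMPERSONATE_GRANTS = {("alice@EXAMPLE.EDU", "grades-app")}

def impersonate(target: Principal, app: str) -> None:
    """Make `target` the effective user within `app`; the real user stays
    recorded for audit. Refused unless the real user holds a grant for `app`."""
    actor = _real.get()
    if actor is None or (actor.value, app) not in IMPERSONATE_GRANTS:
        raise PermissionError(f"impersonation not granted in {app}")
    _effective.set(target)
```

Keeping the real user separate from the effective user is what lets an audit log record who actually invoked a service while the application behaves as the impersonated user.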
Below are the documents that came out of the GASP/ISDA meetings:
AuthorizationModelForCombiningExplicitAndImplicitAuthorizations.vsd