Authentication Frameworks Applicability
It is evident that an SOA-based platform like EDIT needs to be built on a common authentication framework.
There are several standards for authentication, identity management, assertions, etc., each with different strengths and weaknesses.
We would like to investigate the different frameworks in the light of several use cases that exist in EDIT.
A SAML-based framework. See wiki:Shibboleth for details.
OpenID is a lightweight Web 2.0 identity standard that provides single sign-on for web applications.
Web Application Authentication
Webservices accessed via Web Application
Scenario taken from this mailing list:
The user enters their OpenID URL at the "main site".
The "main site" determines the OP and redirects, requesting authentication and certificates for each of the remote sites it wants to invoke (specification of certificates could use the "Attribute Exchange" extension).
User authenticates to OP (prooveme.com) and grants consent for the requested certificates to be generated and returned to the "main site". Note that this allows the certificates to be short-lived, solving some of the certificate management issues.
The "main site" uses the certificates to access the desired remote sites.
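The redirect of the second step and the check the "main site" should apply to the OP's answer before using any certificate, as an added example that is not part of the original page or of the mailing-list scenario. It uses the OpenID 2.0 and Attribute Exchange 1.0 parameter names; the certificate attribute type URI, the host names and the function names are assumptions, and verification of the OP's signature (openid.sig) is assumed to have been done beforehand.

```python
from urllib.parse import urlencode

OPENID_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
# Hypothetical attribute type URI: the page does not define one for certificates.
CERT_TYPE = "https://main-site.example/ax/cert-for/"


def build_auth_request(op_endpoint, claimed_id, return_to, realm, remote_sites):
    """Redirect URL asking the OP for login plus one certificate per remote site."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
    }
    for i, site in enumerate(remote_sites):
        params[f"openid.ax.type.cert{i}"] = CERT_TYPE + site
    params["openid.ax.required"] = ",".join(f"cert{i}" for i in range(len(remote_sites)))
    return op_endpoint + "?" + urlencode(params)


def extract_certificates(response, remote_sites):
    """Return {site: certificate} from the OP's answer, trusting only signed fields."""
    # Assumption: openid.sig was already verified over the fields in openid.signed.
    if response.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = set(response.get("openid.signed", "").split(","))
    # The OP may choose its own aliases, so resolve them by URI, not by name.
    ns = next((k[len("openid.ns."):] for k, v in response.items()
               if k.startswith("openid.ns.") and v == AX_NS), None)
    if ns is None:
        raise ValueError("no Attribute Exchange response")
    prefix = f"openid.{ns}.type."
    by_type = {v: k[len(prefix):] for k, v in response.items() if k.startswith(prefix)}
    certs = {}
    for site in remote_sites:
        alias = by_type.get(CERT_TYPE + site)
        needed = {f"ns.{ns}", f"{ns}.type.{alias}", f"{ns}.value.{alias}"}
        value = response.get(f"openid.{ns}.value.{alias}")
        if alias is None or value is None or not needed <= signed:
            raise ValueError(f"certificate for {site} missing or not signed by the OP")
        certs[site] = value
    return certs
```

A certificate value that is present in the response but absent from openid.signed could have been added or swapped in transit through the browser, so it is rejected rather than passed on to the remote site.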