Authentication Frameworks Applicability

It is evident that an SOA-based platform like EDIT needs to be built on a common authentication framework.

There are several standards for authentication, identity management, assertions, etc., each with different strengths and weaknesses.

We would like to investigate the different frameworks in the light of several use cases that exist in EDIT.

Framework Introduction

Shibboleth

A SAML-based framework. See wiki:Shibboleth for details.

OpenID

OpenID is a lightweight Web 2.0 identity standard that provides single sign-on for web applications.

CAS


Use Cases

Web Application Authentication

Shibboleth

CAS

OpenID

Webservices accessed via Web Application

Shibboleth

CAS

OpenID

  1. The user enters their OpenID URL at the "main site"

  2. The "main site" determines the OP and redirects the user to it, requesting authentication and certificates for each of the remote sites it wants to invoke (specification of certificates could use the "Attribute Exchange" extension).

  3. The user authenticates to the OP (prooveme.com) and grants consent for the requested certificates to be generated and returned to the "main site". Note that this allows the certificates to be short-lived, solving some of the certificate management issues.

  4. The "main site" uses the certificates to access the desired remote sites.
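
Steps 2 and 4 above, sketched as an added example (not EDIT project code): the "main site" builds an OpenID 2.0 request with an Attribute Exchange `fetch_request`, then accepts a returned certificate only if its AX fields are covered by `openid.signed`. Assumptions: the attribute type URI prefix and site names are hypothetical, the OP answers with the namespace alias `ax`, and the signature over the response has already been verified.

```python
from urllib.parse import urlencode, urlsplit

OPENID_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
# Hypothetical attribute type URI prefix; the page does not define one.
CERT_TYPE_PREFIX = "http://example.org/ax/edit/certificate/"


def build_auth_request(op_endpoint, claimed_id, return_to, realm, remote_sites):
    """Step 2: redirect URL asking the OP for one certificate per remote site."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_request",
    }
    aliases = []
    for i, site in enumerate(remote_sites):
        alias = f"cert{i}"
        params[f"openid.ax.type.{alias}"] = CERT_TYPE_PREFIX + site
        aliases.append(alias)
    params["openid.ax.required"] = ",".join(aliases)
    sep = "&" if urlsplit(op_endpoint).query else "?"
    return op_endpoint + sep + urlencode(params)


def extract_signed_certs(response_params):
    """Before step 4: keep only certificates whose AX fields the OP signed."""
    if response_params.get("openid.ax.mode") != "fetch_response":
        return {}
    # openid.signed lists field names without the "openid." prefix.
    signed = set(response_params.get("openid.signed", "").split(","))
    certs = {}
    for key, type_uri in response_params.items():
        if not key.startswith("openid.ax.type."):
            continue
        alias = key[len("openid.ax.type."):]
        needed = {"ns.ax", "ax.mode", f"ax.type.{alias}", f"ax.value.{alias}"}
        value = response_params.get(f"openid.ax.value.{alias}")
        if type_uri.startswith(CERT_TYPE_PREFIX) and value is not None and needed <= signed:
            certs[type_uri[len(CERT_TYPE_PREFIX):]] = value
    return certs
```

An unsigned AX value can be appended to the return URL by anyone who handles the redirect, so a certificate that fails this check should be discarded rather than presented to a remote site.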

Webservices accessed via Desktop Application

Shibboleth

CAS

OpenID
