[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[alf-dev] Single Sign On and service flow needing multiple different credentials
While reviewing the single sign on discussion the following question
occurred to me:
It appears that a premise underlying single sign on for service flows,
is that the tool user upon whose action an event is raised, must have
the authorization to access all tools that are potentially accessed in
an ensuing service flow.
Couldnt it be the case that the user upon whose behalf an event is
raised may, due to organizational policy, not have the authority to
access some of the tools in the service flow, which means another user's
credentials might be necessary to complete the service flow.
For example, a tester who logs an issue, may not have the authority to
enter project managment information related to the logged issue into a
project management tool. The testers credentials that would be passed to
the service flow would then not authorize the automated entering of data
in the project management tool.
The single sign on assumption seems to mean that an AFL site
administrator must ensure that for every user who can trigger an event,
the authority is also given to access all tools that could be called
by a service flow.
Alternatively, raising the issue of roles in ALF, could it be the case
that an ALF administrator may define and pass his/her credentials to
access all relevant tools that are called by an ALF service flow.
appreciating any comments,