[alf-dev] Single Sign On and service flow needing multiple different credentials


While reviewing the single sign on discussion the following question occurred to me:

It appears that a premise underlying single sign on for service flows is that the tool user upon whose action an event is raised must have the authorization to access all tools that are potentially accessed in an ensuing service flow.

Couldn't it be the case that the user upon whose behalf an event is raised may, due to organizational policy, not have the authority to access some of the tools in the service flow, which means another user's credentials might be necessary to complete the service flow?

For example, a tester who logs an issue may not have the authority to enter project management information related to the logged issue into a project management tool. The tester's credentials that would be passed to the service flow would then not authorize the automated entering of data in the project management tool.

The single sign on assumption seems to mean that an ALF site administrator must ensure that, for every user who can trigger an event, the authority is also given to access all tools that could be called by a service flow.

Alternatively, raising the issue of roles in ALF, could it be the case that an ALF administrator may define and pass his/her credentials to access all relevant tools that are called by an ALF service flow?

Appreciating any comments,