[alf-dev] Authentication and Single Signon

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[alf-dev] Authentication and Single Signon

From: Daniel Gross <gross@xxxxxxxxxxxxxxx>
Date: Thu, 10 Nov 2005 13:49:29 -0500
List-archive: <http://eclipse.org/pipermail/alf-dev>
List-help: <mailto:alf-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/alf-dev>, <mailto:alf-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/alf-dev>, <mailto:alf-dev-request@eclipse.org?subject=unsubscribe>
Newsgroups: eclipse.technology.alf
Organization: EclipseCorner
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

Hello,

After a pause I am finally getting back to looking at ALF security.

It appears to me that the discussion as to what "cross-tool"authentication mechanisms to offer depends on the context, i.e. usagescenarios, within which ALF is intended to be used.

Following are several usage scenarios that came to mind. I am wonderingwhich one are intended to be supported:


ALF installation site
---------------------

A1. ALF is locally installed and used by a single user on his/herworkstation


A2. ALF is installed on a server and is used in an organizational context.

A3. Several ALF instances are used some installed locally otherscentrally on a server.


ALM Tool location
-----------------

T1. ALM tools are installed locally and used by single users

T2. ALM tools are installed on central servers within an organizationand used by many usersT3. ALM tools are installed on 3rd party vendor sites and accessibleacross firewalls


Tools security needs
--------------------
S1. ALM tool requires authentication
S2. ALM tool does not require authentication


User trust level
----------------

Tr1. ALM tool user trusts ALM tool (providers) and is willing to submituser id and passwordTr2. ALM tool user does not trust ALM tool (providers) and is onlywilling to pass ticket-based credentials, that can be authenticatedcentrally.

It appears that only within a usage environment of (A1) single sign onmakes most sense. I.e where ALF is installed locally at one usersworkstation, and is orchestrating local as well as centralized tools.

In all other cases either providing a managed multi-user sign-onsolution or having a "configured" ALF user (as mentioned by Tim in aprevious posting), whose credentials are always used for tool sign-onwhen called from within an ALF service flow, makes sense.

The issue of whether there is a need for a central authenticationservice seems to depend on the trust level (Tr1) or (Tr2). If trust isgiven then ALF can pass along userid and passwords, otherwise ALF maywant to provide, or at least passing along, credential tickets from acentralized authentication service.



appreciating any comments,

Daniel

Prev by Date: [alf-dev] Eclipse ALF POC Schedule Meeting Minutes Fri 10/28 11:00 am PT
Next by Date: [alf-dev] RE: Eclipse ALF POC Schedule Meeting Minutes Fri 10/28 11:00 am PT
Previous by thread: [alf-dev] Eclipse ALF POC Schedule Meeting Minutes Fri 10/28 11:00 am PT
Next by thread: RE: [alf-dev] Authentication and Single Signon
Index(es):
- Date
- Thread

Breadcrumbs