[alf-dev] Authentication and Single Signon
Hello,
After a pause I am finally getting back to looking at ALF security.
It appears to me that the discussion as to what "cross-tool"
authentication mechanisms to offer depends on the context, i.e. usage
scenarios, within which ALF is intended to be used.
Following are several usage scenarios that came to mind. I am wondering
which ones are intended to be supported:
ALF installation site
---------------------
A1. ALF is locally installed and used by a single user on his/her
workstation
A2. ALF is installed on a server and is used in an organizational context.
A3. Several ALF instances are used, some installed locally, others
centrally on a server.
ALM Tool location
-----------------
T1. ALM tools are installed locally and used by single users
T2. ALM tools are installed on central servers within an organization
and used by many users
T3. ALM tools are installed on 3rd party vendor sites and accessible
across firewalls
Tools security needs
--------------------
S1. ALM tool requires authentication
S2. ALM tool does not require authentication
User trust level
----------------
Tr1. ALM tool user trusts ALM tool (providers) and is willing to submit
user id and password
Tr2. ALM tool user does not trust ALM tool (providers) and is only
willing to pass ticket-based credentials, that can be authenticated
centrally.
It appears that only within a usage environment of (A1) single sign-on
makes most sense, i.e. where ALF is installed locally at one user's
workstation, and is orchestrating local as well as centralized tools.
In all other cases either providing a managed multi-user sign-on
solution or having a "configured" ALF user (as mentioned by Tim in a
previous posting), whose credentials are always used for tool sign-on
when called from within an ALF service flow, makes sense.
The issue of whether there is a need for a central authentication
service seems to depend on the trust level (Tr1) or (Tr2). If trust is
given, then ALF can pass along user IDs and passwords; otherwise ALF may
want to provide, or at least pass along, credential tickets from a
centralized authentication service.
Appreciating any comments,
Daniel