Package | osid.authentication.process |
---|---|
Title | Authentication Process Open Service Interface Definitions |
Version | 3.0.0 |
Description |
The Authentication Process OSID conducts an authentication process.

Authentication Process

The Authentication OSID helps an OSID Consumer acquire and validate authentication credentials without having to manage the details of a particular authentication environment. Authentication is generally a two-step process. A user wishing to authenticate acquires a set of credentials and transports those credentials to a remote peer. The remote peer then validates those credentials and determines the identity of the user represented. This process is reflected in the Authentication OSID with the definition of two OSID sessions:

The transport of authentication credentials is the responsibility of the consumer of the Authentication OSID, as authentication generally supports an existing application protocol environment. Methods exist to extract and supply credentials at each end. An Authentication OSID Provider may support either or both sessions, and one or more credential formats. Methods also exist to support a challenge-response mechanism.

Circle of Trust

In the Authorization OSID, Authorizations may be managed for a set of Agents related to a Resource. The set of For example, an The multiplicity of

Examples

Client side authentication:

```java
if (manager.supportsAuthenticationAcquisition() &&
    manager.supportsAcquisitionInputType(krb5ServiceType) &&
    manager.supportsCredentialType(serialKRB5Type)) {

    AuthenticationAcquisitionSession aas = manager.getAuthenticationAcquisitionSession();

    // specify input parameters (interface extension)
    KRB5Service kService = new KRB5Service();
    kService.setName("host");
    kService.setInstance("server.osid.org");
    kService.setRealm("OSID.ORG");

    // get Credential (interface type)
    Authentication auth = aas.getAuthentication(kService, krb5ServiceType);
    SerializedKRB5Ticket ticket = (SerializedKRB5Ticket) auth.getCredential(serialKRB5Type);

    send_data_to_peer(ticket); // app specific protocol
}
```

Server side authentication:

```java
if (manager.supportsAuthenticationValidation() &&
    manager.supportsCredentialType(serialSAML2Type)) {

    AuthenticationValidationSession avs = manager.getAuthenticationValidationSession();

    // validate the credential received from the peer through the session
    Authentication auth = avs.authenticate(SAML2Token, serialSAML2Type);

    if (auth.isValid()) {
        Agent agent = auth.getAgent();
        // identity established
    }
}
```
|
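The description mentions a challenge-response mechanism alongside the acquire, transport and validate steps. The sketch below is an added example, not code from the OSID specification or its bindings. It does not use the OSID interfaces: `ChallengeResponseSketch`, `Validator`, the per-agent HMAC-SHA256 scheme and the sample key are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical stand-in for the acquiring and validating peers; not OSID interfaces.
public class ChallengeResponseSketch {
    // Acquiring side: HMAC-SHA256 over agentId || 0x00 || challenge (assumed scheme).
    static byte[] respond(byte[] key, String agentId, byte[] challenge) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(agentId.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0); // separator so the id and challenge cannot run together
        return mac.doFinal(challenge);
    }

    // Validating side: issues single-use challenges and checks the responses.
    static class Validator {
        private final Map<String, byte[]> keys; // one shared key per agent
        private final Set<String> outstanding = new HashSet<>();
        private final SecureRandom rng = new SecureRandom();
        Validator(Map<String, byte[]> keys) { this.keys = keys; }

        byte[] issueChallenge() {
            byte[] c = new byte[16];
            rng.nextBytes(c);
            outstanding.add(Base64.getEncoder().encodeToString(c));
            return c;
        }

        // True only for a challenge issued here, not yet used, answered with the agent's key.
        boolean validate(String agentId, byte[] challenge, byte[] response) throws Exception {
            if (!outstanding.remove(Base64.getEncoder().encodeToString(challenge))) return false;
            byte[] key = keys.get(agentId);
            if (key == null) return false; // unknown agent
            return MessageDigest.isEqual(respond(key, agentId, challenge), response); // constant time
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample
        Validator server = new Validator(Map.of("alice", key));
        byte[] challenge = server.issueChallenge();          // validator -> acquirer
        byte[] response = respond(key, "alice", challenge);  // acquirer -> validator
        System.out.println("first use: " + server.validate("alice", challenge, response));
        System.out.println("replay:    " + server.validate("alice", challenge, response));
        byte[] c2 = server.issueChallenge();
        System.out.println("other id:  " + server.validate("bob", c2, respond(key, "alice", c2)));
    }
}
```

As in the page's model, moving the challenge and response between the peers is left to the application protocol; the validator only decides whether a response it is handed establishes the claimed identity.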