Package org.osid.authentication
The Open Service Interface Definitions for the org.osid.authentication service.
The Authentication OSID manages authenticated entities.
Agent
The Authentication OSID defines an Agent to represent the
identity of the authenticated entity. An Agent may map to a specific
authentication principal while some providers may elect to hide multiple
authentication principals behind a single Agent. Because principal
identities tend not to be durable and persistent, consumers should always
persist the Id.
Resource Mapping
An Agent may be mapped to a Resource in the Resource
OSID. A Resource may map to multiple Agents but an
Agent may only map to a single Resource. In the case of a person, a person
may utilize a number of authentication technologies, each with a
different authentication identity. Decoupling the authentication identity
from that of the person provides a means of integrating multiple
services where different authentication identities exist for a person that
impact the handling of authorization.
Authorization
Authorization is a separate service. The Authorization OSID manages
what functions the Agent is authorized to perform and references
the Agent Id. The Authentication OSID is only responsible
for identity management of the Agent.
Each Agent of a Resource may be used to define distinct
security levels of assurance (although the paranoid may opt for defining a
pseudo-resource for each Agent). These security levels of
assurance can be linked to the Agent Type and managed in
the Authorization OSID. The Agent Type would be an
indicator of the authentication strength and although it may correlate to a
specific authentication technology, coupling it too tightly to a particular
technology may limit flexibility.
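The mapping and assurance rules described above, as an added example in plain Java. It is not OSID code and does not use the org.osid interfaces; the class, record, enum and identifier values are hypothetical and the sample data is constructed.

```java
import java.util.*;
// Added illustration: plain Java, not the org.osid.* interfaces. All names are hypothetical.
public class AgentAssuranceDemo {
    // Stand-in for an Agent Type: an indicator of authentication strength, not a technology.
    enum AssuranceLevel { BASIC, STRONG }

    // Stand-in for an Agent: a durable Id plus its assurance level.
    record Agent(String id, AssuranceLevel level) {}
    // Agent Id -> Resource Id. A key has one value, so an Agent has at most one Resource,
    // while several Agents may share the same Resource.
    private final Map<String, String> resourceOfAgent = new HashMap<>();
    // Function name -> minimum assurance required (the authorization side of the split).
    private final Map<String, AssuranceLevel> required = new HashMap<>();

    void mapAgent(Agent agent, String resourceId) {
        String existing = resourceOfAgent.putIfAbsent(agent.id(), resourceId);
        if (existing != null && !existing.equals(resourceId)) {
            throw new IllegalStateException(agent.id() + " is already mapped to " + existing);
        }
    }

    void require(String function, AssuranceLevel minimum) { required.put(function, minimum); }

    // The decision references the Agent, not the person; unknown functions and unmapped Agents are denied.
    boolean isAuthorized(Agent agent, String function) {
        AssuranceLevel minimum = required.get(function);
        return minimum != null
                && resourceOfAgent.containsKey(agent.id())
                && agent.level().compareTo(minimum) >= 0;
    }

    public static void main(String[] args) {
        AgentAssuranceDemo demo = new AgentAssuranceDemo();
        // Constructed sample data: one person (resource:alice) with two authentication identities.
        Agent password = new Agent("agent:alice-password", AssuranceLevel.BASIC);
        Agent token = new Agent("agent:alice-token", AssuranceLevel.STRONG);
        demo.mapAgent(password, "resource:alice");
        demo.mapAgent(token, "resource:alice");
        demo.require("read-profile", AssuranceLevel.BASIC);
        demo.require("change-grades", AssuranceLevel.STRONG);
        System.out.println(demo.isAuthorized(password, "read-profile"));
        System.out.println(demo.isAuthorized(password, "change-grades"));
        System.out.println(demo.isAuthorized(token, "change-grades"));
        try {
            demo.mapAgent(token, "resource:bob"); // second Resource for the same Agent
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Both Agents belong to the same Resource, yet only the stronger one passes the check for the sensitive function, and remapping an Agent to a second Resource is refused.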
Certain consumers may wish to be notified of changes within the
service. Authentication supports notifications via an
AgentNotificationSession.
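    // Register for new-Agent notifications only if the provider supports them.
    if (manager.supportsAgentNotification()) {
        AgentNotificationSession ans = manager.getAgentNotificationSession(receiver);
        ans.registerForNewAgents();
        hangAround();  // keep running so that callbacks can be delivered
    }
    // Consumer-supplied receiver (pseudocode); each callback carries the Agent Id.
    AgentReceiver receiver {
        newAgent(Id agentId) { print("new agent"); }
        changedAgent(Id agentId) { print("updated agent"); }
        deletedAgent(Id agentId) { print("deleted agent"); }
    }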
Agency Cataloging
Agents are organized into federateable Agency
OsidCatalogs.
Sub Packages
The Authentication OSID includes an Authentication Key OSID for
managing private keys associated with an Agent and an
Authentication Process OSID for acquiring and validating authentication
credentials. It also includes an Authentication Batch OSID for managing
Agents and Agencies in bulk.
Copyright © 2002-2004, 2007 Massachusetts Institute of Technology.
Copyright © 2009 Ingenescus. All Rights Reserved.
This Work is being provided by the copyright holder(s) subject to the following license. By obtaining, using and/or copying this Work, you agree that you have read, understand, and will comply with the following terms and conditions.
Permission to use, copy and distribute unmodified versions of this Work, for any purpose, without fee or royalty is hereby granted, provided that you include the above copyright notices and the terms of this license on ALL copies of the Work or portions thereof.
You may modify or create Derivatives of this Work only for your internal purposes. You shall not distribute or transfer any such Derivative of this Work to any location or to any third party. For the purposes of this license, "Derivative" shall mean any derivative of the Work as defined in the United States Copyright Act of 1976, such as a translation or modification.
This Work and the information contained herein is provided on an "AS IS" basis WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS IN THE WORK.
The export of software employing encryption technology may require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting this Work.
Interfaces
Description
An agency defines a collection of agents.
This session creates, updates, and deletes Agencies.
This is the form for creating and updating agencies.
This session defines methods for managing a hierarchy of Agency objects.
This session defines methods for traversing a hierarchy of Agency objects.
Like all OsidLists, AgencyList provides a means for accessing Agency elements sequentially either one at a time or many at a time.
This session provides methods for retrieving Agency objects.
This interface is a container for a partial hierarchy retrieval.
Like all OsidLists, AgencyNodeList provides a means for accessing AgencyNode elements sequentially either one at a time or many at a time.
This session defines methods to receive notifications on adds/changes to Agency objects.
This is the query for searching agencies.
This is the query inspector for examining queries.
This session provides methods for searching among Agency objects.
The agency receiver is the consumer supplied interface for receiving notifications pertaining to new, updated or deleted Agency objects.
The interface for governing agency searches.
An interface for specifying the ordering of search results.
This interface provides a means to capture results of a search.
This session provides methods for searching among Agency objects.
An Agent represents an authenticatable identity.
This session creates, updates, and deletes Agents.
This session provides methods to re-assign Agents to Agencies.
This session provides methods to retrieve Agents to Agency mappings.
This is the form for creating and updating Agents. Like all OsidForm objects, various data elements may be set here for use in the create and update methods in the AgentAdminSession.
Like all OsidLists, AgentList provides a means for accessing Agent elements sequentially either one at a time or many at a time.
This session provides methods for retrieving Agent objects.
This session defines methods to receive asynchronous notifications on adds/changes to Agent objects.
This is the query for searching agents.
This is the query inspector for examining agent queries.
This session provides methods for searching Agents.
The agent receiver is the consumer supplied interface for receiving notifications pertaining to new, updated or deleted Agent objects.
AgentSearch defines the interface for specifying agent search options.
An interface for specifying the ordering of search results.
This interface provides a means to capture results of a search.
This session provides methods for searching Agents.
This session manages queries and sequencing to create "smart" dynamic catalogs.
The authentication manager provides access to authentication sessions and provides interoperability tests for various aspects of this service.
The AuthenticationProfile describes the interoperability among authentication services.
The authentication proxy manager provides access to authentication sessions and provides interoperability tests for various aspects of this service.