Ticket #383 (closed issue: fixed)

Opened 13 years ago

Last modified 13 years ago

[S] Cross Domain Cookies - agree strategy for implementing NDG enabled login for all sites

Reported by: pjkersha Owned by: pjkersha
Priority: discussion Milestone: PostAlpha_review
Component: security Version:
Keywords: security, login Cc:

Description

For Alpha, a mechanism was devised to pass security credentials across cookie domains ( http://proj.badc.rl.ac.uk/ndg/ticket/41).

Credentials contained in a cookie are passed over a URI by means of a http redirect. See Use Case on BSCW:  http://bscw.badc.rl.ac.uk/bscw/bscw.cgi/d87578/Passing%20Authentication%20Details%20Across%20Domains%20Use%20Case.doc

Other NDG sites as well as deploying NDG security Web Services, will also need to implement a login page that can use this mechanism i.e. it can receive requests from other NDG sites for user credentials and can return those credentials back to the requestor.

A python class is available to do this with CGI but if other sites are using different technologies then they will need to write their own version of this interface.

Change History

comment:1 Changed 13 years ago by pjkersha

  • Status changed from new to closed
  • Resolution set to fixed

An interface document has been written giving a spec for the protocol between service provider making request and identity provider returning user credentials:

 http://bscw.badc.rl.ac.uk/bscw/bscw.cgi/d94343/NDG%20Security%20-%20Cross%20Domain%20Cookie%20Interface

In discussion at All Hands Meeting at PML, it was agreed to adapt the SecurityCGI python interface so that it can be called as a script. This will enable other sites where they don't use Python to easily incorporate it in there site login scripts.

Note: See TracTickets for help on using tickets.