Changes between Version 1 and Version 2 of DXAndSecurity


Ignore:
Timestamp:
04/07/06 00:53:44 (13 years ago)
Author:
astephen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DXAndSecurity

    v1 v2  
    33Here are some notes on how/why both the DX client and server must be NDG-security enabled: 
    44 
    5  1.     Client and Server need to know about security because: 
     51. Client and Server need to know about security because: 
    66   * Server might be called directly so must be secure. 
    77   * Client needs to do web-based (cookie) authentication and provide login and forwarding to NDG hosts, therefore needs to know. 
    88 
    9  1.     Client can follow MOLES Browse model of: 
     91. Client can follow MOLES Browse model of: 
    1010   * If not logged in: get list of trusted hosts 
    1111   * User selects one and logs in at that trusted host. 
     
    1313   * DX can then use NDG security code to get the list of roles and the username. 
    1414 
    15  1.     Client and server exchange secure Token and session ID: 
     151. Client and server exchange secure Token and session ID: 
    1616   * Session ID is a non-secure object that just binds to your saved session. 
    1717   * In order to access the session ID you should also provide the secure token.