Changes between Version 2 and Version 3 of DXAndSecurity


Timestamp: 04/07/06 00:54:30 (13 years ago)
Author: astephen
Comment:

--

  • DXAndSecurity

    v2 v3  
    33Here are some notes on how/why both the DX client and server must be NDG-security enabled: 
    44 
    5 1. Client and Server need to know about security because: 
    6    * Server might be called directly so must be secure. 
    7    * Client needs to do web-based (cookie) authentication and provide login and forwarding to NDG hosts, therefore needs to know. 
     5 1. Client and Server need to know about security because: 
     6 * Server might be called directly so must be secure. 
     7 * Client needs to do web-based (cookie) authentication and provide login and forwarding to NDG hosts, therefore needs to know. 
    88 
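Review bot: on v3 lines 6-7 the two `*` bullets lose their three-space indent and now sit at the same indent as the `1.` line on line 5, so they no longer read as sub-points of "Client and Server need to know about security because:". If the flattening is unintended, keep the indent; if it is intended, say so in the change comment, which is currently just "--". The same de-indent is applied to the other two lists in this change.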
    9 1. Client can follow MOLES Browse model of: 
    10    * If not logged in: get list of trusted hosts 
    11    * User selects one and logs in at that trusted host. 
    12    * Trusted host forwards back to DX with cookies set or encrypted cookies on URL. 
    13    * DX can then use NDG security code to get the list of roles and the username. 
     9 1. Client can follow MOLES Browse model of: 
     10 * If not logged in: get list of trusted hosts 
     11 * User selects one and logs in at that trusted host. 
     12 * Trusted host forwards back to DX with cookies set or encrypted cookies on URL. 
     13 * DX can then use NDG security code to get the list of roles and the username. 
    1414 
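Review bot: line 12 ("Trusted host forwards back to DX with cookies set or encrypted cookies on URL") leaves open which of the two transports DX is expected to accept and under what condition. Since the line is being touched anyway, document when each applies, and for the URL case state what DX checks before trusting the value, because anything carried in a URL also ends up in browser history, server logs and Referer headers.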
    15 1. Client and server exchange secure Token and session ID: 
    16    * Session ID is a non-secure object that just binds to your saved session. 
    17    * In order to access the session ID you should also provide the secure token.  
    18    * The secure token needs to be an object that the server can use with NDG Security. Hence it could be a Proxy Certificate… 
     15 1. Client and server exchange secure Token and session ID: 
     16 * Session ID is a non-secure object that just binds to your saved session. 
     17 * In order to access the session ID you should also provide the secure token.  
     18 * The secure token needs to be an object that the server can use with NDG Security. Hence it could be a Proxy Certificate…
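Review bot: line 17 says the client "should also provide the secure token", which reads as optional even though line 16 calls the session ID a non-secure object. Word it as a requirement (the server refuses a session ID that arrives without a valid token) so that nobody implements a session lookup keyed on the ID alone. Line 18 still ends on "it could be a Proxy Certificate…"; either settle the token type or mark it explicitly as an open question.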