wiki:RefactoringSecurity

Version 1 (modified by lawrence, 13 years ago) (diff)

--

Refactoring Security

In terms of NDG "login" ... we get authenticated ... and we should get the attribute certificate of the host we chose ... immediately ... so our credential "wallet" now includes a proxy certificate and a attribute certificate ...

Assumption: An application should be ignorant about security state!

  • ApplicationStart?
  • DoSomething?(toURI,withCredential)
    • call check(toURI,withCredential) (I need an address for the check method, localGKWSDL)
      • response yes, or
      • noCredential, with instructions to get one (i.e. html response)
      • no
  • If noCredential, respond with message html including redirect

This is opaque to the security state.

So check has to take toURI, come up with a role ... look at credentials .. decide on a match ... In hte case of browse I have to call check(role,toURI,withCredential)

Actually role is a (localRole,AAaddress) tuple

(This is wrong:) LocalGK has the mapConfig files to be able to map a remote role (known from the attribute certificate to a local role) and can do it without requesting a mapped certificate. This implies localGK is always updated when the mapconfig file at a remote site is updated!