Changes between Version 6 and Version 7 of T12_Security/ESG/TDSBrowserBasedAccess


Timestamp: 05/03/10 15:03:06 (9 years ago)
Author: pjkersha
Comment:

--

  • T12_Security/ESG/TDSBrowserBasedAccess

    v6 v7  
    11= Browser Based Access to TDS Using ESG Filter Based Security Architecture = 
    22[[Image(tdsBrowserBasedSignIn.png)]] 
     3 
     4Arranged using http://websequencediagrams.com: 
     5{{{ 
     6participant "User via browser" 
     7participant "TDS: Authentication Redirect Filter" 
     8participant "TDS: Authorization Filter" 
     9participant "TDS" 
     10participant "Authentication Service: SSL Filter" 
     11participant "Authentication Service: OpenID RP Filter" 
     12participant "Gateway OpenID Provider" 
     13participant "Gateway Authorization Service" 
     14 
     15"User via browser" -> "TDS: Authentication Redirect Filter": TDS request intercepted by\nauthentication filter 
     16"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the request to a secured resource? 
     17"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the user authenticated? 
     18"TDS: Authentication Redirect Filter" -> "User via browser": The resource is secured but user\nis not authenticated: \nrequest client redirect\nto Authentication Service 
     19"User via browser" -> "Authentication Service: SSL Filter": Authentication request 
     20"Authentication Service: SSL Filter" -> "Authentication Service: SSL Filter": Did the client provide a\ncertificate in the\nSSL handshake?  If so,\nuse it to authenticate them 
     21"Authentication Service: SSL Filter" -> "Authentication Service: OpenID RP Filter": No certificate provided,\npass on to next middleware 
     22"Authentication Service: OpenID RP Filter" -> "User via browser": Display OpenID Sign in page 
     23"User via browser" -> "Authentication Service: OpenID RP Filter": Post OpenID URL 
     24"Authentication Service: OpenID RP Filter" -> "User via browser": request redirect to OpenID Provider 
     25"User via browser" -> "Gateway OpenID Provider": Get login page 
     26"Gateway OpenID Provider" -> "User via browser": return login page 
     27"User via browser" -> "Gateway OpenID Provider": Post username, password 
     28"Gateway OpenID Provider" -> "User via browser": login succeeded: request redirect back to Authentication Service. 
     29"Authentication Service: OpenID RP Filter" -> "Authentication Service: OpenID RP Filter": set session cookie 
     30"Authentication Service: OpenID RP Filter" -> "User via browser": request redirect back to\noriginal TDS request URL. 
     31"User via browser" -> "TDS: Authentication Redirect Filter": Request intercepted by Redirect\nFilter again 
     32"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the request to a secured resource? 
     33"TDS: Authentication Redirect Filter" -> "TDS: Authentication Redirect Filter": is the user authenticated? 
     34"TDS: Authentication Redirect Filter" -> "TDS: Authorization Filter": Pass to authorization filter because,\nyes the request is to a secured\nresource and the user is\nauthenticated. 
     35"TDS: Authorization Filter" -> "Gateway Authorization Service": AuthzDecisionQuery(userId, resourceURI) 
     36"Gateway Authorization Service" -> "TDS: Authorization Filter": AuthzDecisionStatement Grant/Deny 
     37"TDS: Authorization Filter" -> "TDS": The decision was Grant:\npass on the request\nto the TDS. 
     38"TDS" -> "User via browser": Serve data requested 
     39}}}
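
Review bot: A step is missing between lines 28 and 29: after the Gateway OpenID Provider redirects the browser back, no "User via browser" -> "Authentication Service: OpenID RP Filter" message delivers the OpenID response, and line 29 sets the session cookie without any step showing the RP filter verifying that response first. Suggest adding both messages so the cookie is visibly issued only after the check. At line 33 the TDS filter answers "is the user authenticated?" from a cookie that a different service set at line 29; a note on how the TDS filter reads and validates it (for example cookie scope or a shared secret) would close that gap. Line 30 redirects to the original TDS request URL, so it is worth stating how that URL is carried from the redirect at line 18 and that it is checked before being used. Only the no-certificate path (line 21) and the Grant path (line 37) are drawn; the certificate-success and Deny outcomes should be shown or at least noted.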