Changes between Version 5 and Version 6 of TI12_Security/DEWSHealthStreamPortalAccess2MetOfficeGeoserverUseCase


Timestamp:
09/01/07 15:23:46 (13 years ago)
Author:
pjkersha
Comment:

--

  • TI12_Security/DEWSHealthStreamPortalAccess2MetOfficeGeoserverUseCase

    v5 v6  
    3434 1. No security cookie is present so they are redirected to the Portal login page (!PortalLogin). 
    3535 1. The user enters their username and pass-phrase at the !PortalLogin over a HTTPS connection. 
    36  1. The !PortalLogin passes the credentials over HTTPS to the PortalSM. 
     36 1. The !PortalLogin calls PortalSM `connect` WS operation passing the credentials over HTTPS. 
    3737 1. PortalSM authenticates the user, makes and holds a session for them and returns a cookie back to the !PortalLogin 
    3838 1. !PortalLogin sets the security session cookie. 
    39  1. The Portal calls the PortalSM with getAttCert to ask it to retrieve an Attribute Certificate from the PortalAA. 
     39 1. The Portal calls the PortalSM with `getAttCert` to ask it to retrieve an Attribute Certificate from the PortalAA. 
    4040 1. PortalAA accepts the request since the user is registered with the Portal and returns an Attribute Certificate. 
    4141 1. The PortalSM caches the Attribute Certificate returned in the user's !CredentialWallet. 
    4242 1. The PortalSM calls the MetOfficeAA with a getAttCert request passing its portal Attribute Certificate. 
    43  1. MetOfficeAA accepts the Portal Attribute Certificate as it is from a ''trusted'' site.  It uses its role map to map the roles contained in the Portal Attribute Certificate to local roles understood by !MetOfficeGeoserver. 
    44  1. The mapped roles are returned in a mapped certificate to PortalSM. 
    45  1. PortalSM adds the new mapped Attribute Certificate to the user's wallet and returns the Attribute Certificate to the Portal. 
    46  1. The Portal passes the mapped Attribute Certificate to the !MetOfficeGatekeeper with the Geoserver request. 
     43 1. MetOfficeAA accepts the Portal Attribute Certificate as it is from a ''trusted'' site.  It uses its ''role map'' to map the roles contained in the Portal Attribute Certificate to local roles understood by !MetOfficeGeoserver. 
     44 1. The mapped roles are returned in a ''mapped'' certificate to PortalSM. 
     45 1. PortalSM adds the new mapped Attribute Certificate to the user's !CredentialWallet and returns the Attribute Certificate to the Portal. 
     46 1. The Portal passes the mapped Attribute Certificate to the !MetOfficeGatekeeper web service along with the Geoserver request. 
    4747 1. The !MetOfficeGatekeeper checks the roles in the mapped Attribute Certificate against the role(s) controlling access to the resource.  If they match, access to the resource can proceed.
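
Review bot: Step 43 (v6) still says the MetOfficeAA accepts the Portal Attribute Certificate "as it is from a ''trusted'' site" without saying what check establishes that. Since the role mapping in steps 43-44 depends entirely on this decision, the step should name the check performed, for example verification of the certificate issuer's signature against the sites the MetOfficeAA trusts. Two smaller points on the same revision: step 42 leaves getAttCert unformatted while step 39 now marks it as `getAttCert` and step 36 does so for `connect`, and step 45 ends with "returns the Attribute Certificate to the Portal" where "the mapped Attribute Certificate" would remove the ambiguity with the Portal certificate cached in step 41.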