-
Type:
Defect
-
Resolution: Done
-
Priority:
Minor
-
Affects Version/s: None
-
Component/s: Authorization
-
None
The security filter developed to front and secure Data Nodes services allows both OpenID and SSL based authentication.
Both OpenID and SSL based authentication enable attribute information to be pushed to the filter. In the case of OpenID, via the Attribute Exchange mechanism, and with SSL based authentication via a SAML assertion embedded in the user certificate submitted by the client in the SSL handshake.
The filter should be able to extract these attributes and pass them to the authorisation filter so that it can include them in its authorisation decision query to the Authorisation Service. This way the authorisation service can make decision based on attributes *pushed* to it by the filter and also, attributes it *pulls* from Attribute Service(s).
Both OpenID and SSL based authentication enable attribute information to be pushed to the filter. In the case of OpenID, via the Attribute Exchange mechanism, and with SSL based authentication via a SAML assertion embedded in the user certificate submitted by the client in the SSL handshake.
The filter should be able to extract these attributes and pass them to the authorisation filter so that it can include them in its authorisation decision query to the Authorisation Service. This way the authorisation service can make decision based on attributes *pushed* to it by the filter and also, attributes it *pulls* from Attribute Service(s).