Difference between revisions of "CLARIN/Security for web services"

From PDP/Grid Wiki
(include images)
Line 5: Line 5:
 
== Approaches ==
 
== Approaches ==
  
 +
<div style="clear:right"></div>[[Image:Approaches_open.png|150px|right|Open diagram]]
 
=== Open ===
 
=== Open ===
 
All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); managable upto ~15 services [TODO ref needed]
 
All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); managable upto ~15 services [TODO ref needed]
  
 +
<div style="clear:right"></div>
 
=== Shibboleth + delegation ===
 
=== Shibboleth + delegation ===
 
[http://shibboleth.internet2.edu/ Shibboleth] is already used for federated authentication. It has [https://spaces.internet2.edu/display/SHIB2/ECP#ECP-Directvs.DelegatedAuthentication ECP] support with [https://spaces.internet2.edu/display/ShibuPortal/Configuring+Shibboleth+Delegation+for+a+Portal delegation], though only through a plugin. The next major IdP release [https://spaces.internet2.edu/display/SHIB2/ECP#ECP-CodeAvailability may] include it though.
 
[http://shibboleth.internet2.edu/ Shibboleth] is already used for federated authentication. It has [https://spaces.internet2.edu/display/SHIB2/ECP#ECP-Directvs.DelegatedAuthentication ECP] support with [https://spaces.internet2.edu/display/ShibuPortal/Configuring+Shibboleth+Delegation+for+a+Portal delegation], though only through a plugin. The next major IdP release [https://spaces.internet2.edu/display/SHIB2/ECP#ECP-CodeAvailability may] include it though.
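
Review bot: The line added before "=== Shibboleth + delegation ===" is only the clearing div, whereas the line added before "=== Open ===" carries both the div and [[Image:Approaches_open.png|150px|right|Open diagram]], so this section ends up as the one approach in the hunk without a diagram. Either add the matching image here or note in the edit summary that it is still to come. The same inline style="clear:right" div is repeated on both added lines; if the wiki has a clearing template, using it would keep that markup in one place. While the "Open" paragraph is in view, "managable upto" in the unchanged context should read "manageable up to".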
Line 16: Line 18:
 
(see Shibboleth) [TODO would there be other SAML ECP options than Shibboleth?]
 
(see Shibboleth) [TODO would there be other SAML ECP options than Shibboleth?]
  
 +
<div style="clear:right"></div>[[Image:Approaches_oauth1.png|150px|right|OAuth 1.0 diagram]]
 
=== OAuth 1.0 ===
 
=== OAuth 1.0 ===
  
 +
<div style="clear:right"></div>[[Image:Approaches_oauth2.png|150px|right|OAuth 2.0 diagram]]
 
=== OAuth 2.0 ===
 
=== OAuth 2.0 ===
  
  
 +
<div style="clear:right"></div>
  
 
== Links ==
 
== Links ==
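
Review bot: The images added before "=== OAuth 1.0 ===" and "=== OAuth 2.0 ===" become the only content of those sections, since the visible context shows no body text under either heading. Because the images are placed without thumb or frame, "OAuth 1.0 diagram" and "OAuth 2.0 diagram" act only as alt text and no caption is rendered, so a reader cannot tell which parties and credentials each diagram depicts. Add a sentence or two under each heading describing the trust relationship shown, or switch the images to thumb so the caption is displayed. The final added clearing div before "== Links ==" is fine as a float reset.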

Revision as of 13:55, 23 March 2011

  • ISOcat registry
  • CMDI, component metadata infrastructure


Approaches

[Image: Open diagram]

Open

All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); manageable up to ~15 services [TODO ref needed]

Shibboleth + delegation

Shibboleth is already used for federated authentication. It has ECP support with delegation, but only through a plugin. The next major IdP release may include it.

One cannot expect each IdP to install this plugin, or to have the latest version installed [TODO check if this is the case with Shibboleth version policies]. Therefore this option is not viable.

SAML ECP

(see Shibboleth) [TODO would there be other SAML ECP options than Shibboleth?]

[Image: OAuth 1.0 diagram]

OAuth 1.0

[Image: OAuth 2.0 diagram]

OAuth 2.0

Links

Standards

Libraries

Federations

Other