0 Replies Latest reply on Jan 10, 2013 2:01 PM by eric.wittmann

    Overlord Security - Authentication/Authorization (Near Term)

    eric.wittmann

      The Overlord project has some security related requirements that we need to work out.  There are currently several components that all need to be tied together in a sensible way from the point of the view of end users, including the following:

       

      • BAM Gadget Server - a GWT based UI application
      • S-RAMP Repository - a Service Repository accessed via a REST Atom API
      • S-RAMP Browser - a JBoss Errai based UI application used to browse an S-RAMP repository (must access the S-RAMP repository via the Atom API)

       

      The following are a list of requirements for these three components:

      • Require some type of web application user authentication when accessing the Gadget Server or S-RAMP Browser
      • Require BASIC authentication when accessing the S-RAMP repository via its Atom API
      • If the user has logged in to the BAM Gadget Server, they do not need to re-authenticate when switching to the S-RAMP Browser (SSO)
      • When a user is logged in to the S-RAMP Browser, it will talk to the S-RAMP repository as that user (or on behalf of that user)
      • Authenticated users are given a set of Roles/Permissions which grants the ability to perform fine grained functions within the UI applications

       

      I think we are currently looking for some guidance/best-practices/ideas about what technologies we can/should be using to address these requirements.