The Overlord project has some security related requirements that we need to work out. There are currently several components that all need to be tied together in a sensible way from the point of view of end users, including the following:
- BAM Gadget Server - a GWT based UI application
- S-RAMP Repository - a Service Repository accessed via a REST Atom API
- S-RAMP Browser - a JBoss Errai based UI application used to browse an S-RAMP repository (must access the S-RAMP repository via the Atom API)
The following is a list of requirements for these three components:
- Require some type of web application user authentication when accessing the Gadget Server or S-RAMP Browser
- Require BASIC authentication when accessing the S-RAMP repository via its Atom API
- If the user has logged in to the BAM Gadget Server, they do not need to re-authenticate when switching to the S-RAMP Browser (SSO)
- When a user is logged in to the S-RAMP Browser, it will talk to the S-RAMP repository as that user (or on behalf of that user)
- Authenticated users are given a set of Roles/Permissions which grants the ability to perform fine grained functions within the UI applications
I think we are currently looking for some guidance/best-practices/ideas about what technologies we can/should be using to address these requirements.