
Authentication Materials


This page describes the concept of Authentication Materials used in the Context Data Model 1.1. Authentication Materials are needed to open a Context. For example, in the case of opening an LDAP Context, a username and password may be required.

Authentication Materials are classes which implement the IdAS IAuthNMaterials interface. This is only a marker interface without methods.

Authentication Material Types

In certain situations, it is helpful to have identifiers for common types of Authentication Materials:

  • For example, for R-Cards we use UDIs (specifically Entity UDIs) to point to Higgins Contexts and Entities. When a UDI is resolved, we need to know what type of Authentication Materials is needed for opening the Context it points to.

The interface IAuthNMaterials defines the following string identifiers for common types of Authentication Materials:

urn:udi:authnmaterials:1.0:anonymous
urn:udi:authnmaterials:1.0:leastPrivileged
urn:udi:authnmaterials:1.0:implied
urn:udi:authnmaterials:1.0:usernamePassword
urn:udi:authnmaterials:1.0:namePrivatekey
urn:udi:authnmaterials:1.0:p-infocard
urn:udi:authnmaterials:1.0:m-infocard
urn:udi:authnmaterials:1.0:samlpolicy

Notes:

  • The above identifiers can have a query string for passing additional information (e.g. constraints on the accepted Authentication Materials).
  • For example, in the case of urn:udi:authnmaterials:1.0:m-infocard, this additional information could be a base64-encoded I-Card <object> element:
    urn:udi:authnmaterials:1.0:m-infocard?encoded-object-element
  • The special identifier urn:udi:authnmaterials:1.0:implied means that the party trying to open the Context must somehow know by itself what Authentication Materials to use. E.g. in SSO scenarios, that party may already have a session established with the user, or in some other way know their credentials.
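
The identifier format described above (a fixed type name plus an optional query string) can be parsed strictly before any Context is opened. The following is an added example, not code from Higgins or IdAS: the class name AuthNMaterialsType, the size limit, exact-case matching, and the choice of the standard base64 alphabet with UTF-8 text are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

public class AuthNMaterialsType {  // hypothetical helper, not part of IdAS
    static final String PREFIX = "urn:udi:authnmaterials:1.0:";
    // The eight type names listed on this page; matched exactly (assumption).
    static final Set<String> KNOWN = Set.of("anonymous", "leastPrivileged", "implied",
            "usernamePassword", "namePrivatekey", "p-infocard", "m-infocard", "samlpolicy");
    static final int MAX_QUERY = 64 * 1024; // assumed limit, not defined by Higgins

    final String type;   // e.g. "m-infocard"
    final String query;  // raw text after '?', or null when absent

    private AuthNMaterialsType(String type, String query) { this.type = type; this.query = query; }

    static AuthNMaterialsType parse(String id) {
        if (id == null || !id.startsWith(PREFIX))
            throw new IllegalArgumentException("not an authnmaterials identifier");
        String rest = id.substring(PREFIX.length());
        int q = rest.indexOf('?');
        String type = q < 0 ? rest : rest.substring(0, q);
        String query = q < 0 ? null : rest.substring(q + 1);
        if (!KNOWN.contains(type))   // unknown types are rejected, never mapped to a default
            throw new IllegalArgumentException("unknown type: " + type);
        if (query != null && query.length() > MAX_QUERY)
            throw new IllegalArgumentException("query string too long");
        return new AuthNMaterialsType(type, query);
    }

    // For m-infocard the query may carry a base64 encoded I-Card <object> element.
    String decodedObjectElement() {
        if (!"m-infocard".equals(type) || query == null) return null;
        byte[] raw = Base64.getDecoder().decode(query); // IllegalArgumentException on bad input
        return new String(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample: a placeholder <object> element, base64 encoded.
        String obj = "<object type=\"application/x-informationcard\"></object>";
        String b64 = Base64.getEncoder().encodeToString(obj.getBytes(StandardCharsets.UTF_8));
        AuthNMaterialsType t = parse(PREFIX + "m-infocard?" + b64);
        System.out.println(t.type + " -> " + t.decodedObjectElement());
        System.out.println(parse(PREFIX + "implied").type);
        try { parse(PREFIX + "usernamepassword"); }  // wrong case: rejected
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The decoded <object> element originates from whatever the UDI resolved to, so it should be handled as untrusted input by the code that consumes it.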