Revision as of 11:34, 16 May 2008

Change History

Workload Estimation

'* - includes other committer work (e.g. check-in, contribution tracking)

Purpose

We need a simple implementation that supports authentication ONLY (no authorization, encryption is nice to have). One of our initial adopter products has a web service that needs three parameters: login, password, and the (graph) query string. We need to add login-id/password support to COSMOS.

Requirements

There are a number of use cases for this design. Please note that the Security implementation will be completed in two or more phases.

Use Case : Integrating a non-COSMOS MDR that requires a authentication (login-id / password)

This use case addresses the situation where a non-COSMOS MDR requires a plain-text login-id and password. This use case will be fulfilled by ER 231400 (http://bugs.eclipse.org/bugs/show_bug.cgi?id=231400)

How to implement this

Design

Current Issues

• Which use cases are relevant for Higgins?
• Given our timeframes, should we do a simple / custom authentication implementation for now, and bring in Higgins later when we have elaborate security requirements? Does anyone have any additional requirements at this juncture that require a 2008 delivery?
• Is Higgins designed for a limited-scope Security implementation that only requires authentication?
• Has anyone utilized Higgins for a similar scenario in conjunction with another open source (or corporate) project?