COSMOS Design 231400
Change History
Name | Date | Revised Sections |
---|---|---|
Jimmy Mohsin | 05/16/2008 | |
Bill Muldoon | 05/19/2008 | |
Workload Estimation
Process | Sizing | Names of people doing the work |
---|---|---|
Design | | Jimmy Mohsin, Bill Muldoon, Martin Simmonds, et al |
Code | | |
Test | | |
Documentation | | |
Build and infrastructure | | |
Code review, etc.* | | |
TOTAL | | |
* - includes other committer work (e.g. check-in, contribution tracking)
Purpose
We need a simple implementation that supports authentication ONLY (no authorization; encryption is nice to have). One of our initial adopter products has a web service that needs three parameters: login, password, and the (graph) query string. We need to add login-id/password support to COSMOS.
Requirements
There are a number of use cases for this design. Please note that the Security implementation will be completed in two or more phases.
Use Case: Integrating a non-COSMOS MDR that requires authentication (login-id / password)
This use case addresses the situation where a non-COSMOS MDR requires a plain-text login-id and password. This use case will be fulfilled by ER 231400 (http://bugs.eclipse.org/bugs/show_bug.cgi?id=231400).
How to implement this
Design
This section should only list high-level design considerations for Security. Detailed design should reside in the "child" ERs.
Current Issues
- Which use cases are relevant for Higgins?
- Given our timeframes, should we do a simple / custom authentication implementation for now, and bring in Higgins later when we have elaborate security requirements? Does anyone have any additional requirements at this juncture that require a 2008 delivery?
- Is Higgins designed for a limited-scope Security implementation that only requires authentication?
- Has anyone utilized Higgins for a similar scenario in conjunction with another open source (or corporate) project?