Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "COSMOS Design 231400"
Line 88: | Line 88: | ||
=== COSMOS Client application === | === COSMOS Client application === | ||
− | The COSMOS client application supports commands that accept the username/password values and | + | The COSMOS client application supports commands that accept the username/password values and SOAP version number. For example: |
COSMOS> set username mickey | COSMOS> set username mickey | ||
Line 98: | Line 98: | ||
=== COSMOS UI === | === COSMOS UI === | ||
− | The COSMOS UI presents the user with a dialog prompting for the username and password. | + | The COSMOS UI presents the user with a dialog prompting for the username and password. |
''(Details to be determined)'' | ''(Details to be determined)'' | ||
Line 119: | Line 119: | ||
− | = SOAP example = | + | = SOAP example with Security header = |
<pre> | <pre> | ||
Line 132: | Line 132: | ||
<soapenv:Body> | <soapenv:Body> | ||
<s:query xmlns:s="http://cmdbf.org/schema/1-0-0/datamodel"> | <s:query xmlns:s="http://cmdbf.org/schema/1-0-0/datamodel"> | ||
− | <s:itemTemplate id=" | + | <s:itemTemplate id="AllCIs" suppressFromResult="false" /> |
</s:query> | </s:query> | ||
</soapenv:Body> | </soapenv:Body> |
Revision as of 15:43, 16 May 2008
Contents
Change History
Name: | Date: | Revised Sections: |
---|---|---|
Jimmy Mohsin | 05/16/2008 |
|
Bill Muldoon | 05/19/2008 |
|
Workload Estimation
Process | Sizing | Names of people doing the work |
---|---|---|
Design | .25 | Jimmy Mohsin, Bill Muldoon, Martin Simmonds, et al |
Code | .25 | Bill Muldoon |
Test | .25 | Bill Muldoon |
Documentation | .25 | |
Build and infrastructure | ||
Code review, etc.* | ||
TOTAL | 1 |
'* - includes other committer work (e.g. check-in, contribution tracking)
Purpose
We need a simple implementation that supports authentication ONLY (no authorization, encryption is nice to have). One of our initial adopter products has a web service that needs three parameters: login, password, and the (graph) query string. We need to add login-id/password support to COSMOS.
Requirements
Please note that this part of Security implementation will be completed by November.
Use Case : Integrating a non-COSMOS MDR that requires a authentication (login-id / password)
This use case addresses the situation where a non-COSMOS MDR requires a plain-text login-id and password. This use case will be fulfilled by ER 231400 (http://bugs.eclipse.org/bugs/show_bug.cgi?id=231400)
How to implement this
Design
COSMOS Application <---> COSMOS Client <---> non-COSMOS MDR
The COSMOS Application uses the COSMOS client interface to invoke the services of a non-COSMOS MDR which requires authentication:
- Application obtains the username and password from the user.
- Application initializes the COSMOS client CMDBf Query Service with the endpoint of the MDR (obtained from the Broker).
- Application passes the username/password to the COSMOS CMDBf Query Service and invokes the graphQuery operation with a query
- The COSMOS CMDBf Query Service constructs a graphQuery request with a SOAP body that contains the query. If the username/pasword was supplied, it adds a SOAP header to the request containing the username/password values. It sends the graphQuery request to the MDR endpoint.
- The non-COSMOS MDR authenticates the graphQuery request using the username/password in the SOAP header.
COSMOS Application
Each client application is responsible for obtaining the username and password values from the user.
COSMOS Client application
The COSMOS client application supports commands that accept the username/password values and SOAP version number. For example:
COSMOS> set username mickey COSMOS> set password mouse COSMOS> set soapversion 11
COSMOS> graphQuery hostname mdrname C:\COSMOS\CMDBf\query_all.xml
COSMOS UI
The COSMOS UI presents the user with a dialog prompting for the username and password. (Details to be determined)
COSMOS Client
The COSMOS client CMDBf Query Service interface allows the client to specify the username and password:
public void setUsername(String username) public void setPassword(String password)
An additional interface for the SOAP version is available for non-COSMOS MDRs which support SOAP11:
public void setSoapVersion(int soapVersion)
non-COSMOS MDR
The non-COSMOS MDR extracts the username and password from the SOAP header and authenticates the request.
SOAP example with Security header
<?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header> <sec:securityHeader xmlns:sec="http://schemas.xmlsoap.org/soap/envelope/" sec:mustUnderstand="0"> <sec:username>mickey</sec:username> <sec:password>mouse</sec:password> </sec:securityHeader> </soapenv:Header> <soapenv:Body> <s:query xmlns:s="http://cmdbf.org/schema/1-0-0/datamodel"> <s:itemTemplate id="AllCIs" suppressFromResult="false" /> </s:query> </soapenv:Body> </soapenv:Envelope>
Current Issues
- Which use cases are relevant for Higgins?
- Given our timeframes, should we do a simple / custom authentication implementation for now, and bring in Higgins later when we have elaborate security requirements? Does anyone have any additional requirements at this juncture that require a 2008 delivery?
- Is Higgins designed for a limited-scope Security implementation that only requires authentication?
- Has anyone utilized Higgins for a similar scenario in conjunction with another open source (or corporate) project?