Index: openacs-4/packages/acs-core-docs/www/ext-auth-requirements.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/ext-auth-requirements.html,v diff -u -r1.40.2.21 -r1.40.2.22 --- openacs-4/packages/acs-core-docs/www/ext-auth-requirements.html 17 Jun 2017 08:29:27 -0000 1.40.2.21 +++ openacs-4/packages/acs-core-docs/www/ext-auth-requirements.html 17 Jun 2017 10:15:40 -0000 1.40.2.22 @@ -1,5 +1,5 @@ -
People have plenty of usernames and passwords already, we +
People have plenty of usernames and passwords already, we don't want them to have yet another. We want people to be able to log in to OpenACS with the same password they use to log in to any other system.
Besides, administrators have better things to do than create @@ -45,7 +45,7 @@ only one implementation of the authentication API, namly the one included in OpenACS Core.
Authentication Driver API: The service contract which authentication drivers implement.
Authentication:
-
Account Management (NO PICTURE YET)
Batch Synchronization (NO PICTURE YET)
Feature | Status | Description |
---|---|---|
New API | ||
EXT-AUTH-01 | A | Extend Authentication/Acct Status API |
EXT-AUTH-03 | A | Account Creation API |
EXT-AUTH-05 | A | Password Management API |
EXT-AUTH-30 | A | Authority Management API |
Feature | Status | Description |
---|---|---|
Login | ||
EXT-AUTH-04 | A | Rewrite login, register, and admin pages to use APIs |
EXT-AUTH-38 | A | ad_form complain feature |
EXT-AUTH-19 | A | Rewrite password recovery to use API |
EXT-AUTH-21 | A | Rewrite email verification with API |
EXT-AUTH-28 | A | Username is email switch |
Users will log in using a username, a authority, and a +
Account Management (NO PICTURE YET)
Batch Synchronization (NO PICTURE YET)
Feature | Status | Description |
---|---|---|
New API | ||
EXT-AUTH-01 | A | Extend Authentication/Acct Status API |
EXT-AUTH-03 | A | Account Creation API |
EXT-AUTH-05 | A | Password Management API |
EXT-AUTH-30 | A | Authority Management API |
Feature | Status | Description |
---|---|---|
Login | ||
EXT-AUTH-04 | A | Rewrite login, register, and admin pages to use APIs |
EXT-AUTH-38 | A | ad_form complain feature |
EXT-AUTH-19 | A | Rewrite password recovery to use API |
EXT-AUTH-21 | A | Rewrite email verification with API |
EXT-AUTH-28 | A | Username is email switch |
Users will log in using a username, a authority, and a password. The authority is the source for user/password verification. OpenACS can be an authority itself.
Each user in OpenACS will belong to exactly one authority, which can either be the "local" OpenACS users table, in which case the @@ -119,7 +119,7 @@ implemetned using a service contract.
Feature | Status | Description |
---|---|---|
Synchronizing and linking users | ||
EXT-AUTH-28 | A | Create service contract for Batch Sync. |
EXT-AUTH-38 | A | Batch User Synchronization API |
EXT-AUTH-38 | A | IMS Synchronization driver |
EXT-AUTH-08 | A | Automation of batch Synchronization |
EXT-AUTH-15 | B | On-demand synchronization |
Regardless of the login method, the user needs to have a row in the OpenACS users table. This can happen through a batch job, in -real-time, or both in combination. We use the IMS Enterprise 1.1 specification.
Batch job means that we do a synchronization (import new +real-time, or both in combination. We use the IMS Enterprise 1.1 specification.
Batch job means that we do a synchronization (import new users, modify changed, purge deleted) on a regular interval, e.g. every night. You can also decide to have a monthly full synchronization, plus daily incremental ones. That's up to you. The @@ -370,9 +370,9 @@ module for Zope (documentation).
We'd really appreciate feedback on this proposal. Please follow up at this -openacs.org forums thread.
Threads and links collected by Carl Blesius.
Draft Proposal by Andrew Grumet.
Yale -CAS, a centrl authentication service a' la +CAS, a central authentication service a' la Passport.