Authentication and authorization edits

6a17fd13 · twl8n · 47fe5cc1 · 6a17fd13
Commit 6a17fd13 authored Sep 01, 2015 by twl8n
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 32 deletions

requirements.md tat_requirements/requirements.md +38 -32

No files found.
--- a/tat_requirements/requirements.md
+++ b/tat_requirements/requirements.md
@@ -485,43 +485,49 @@ Authentication is validating user logins to the system. Authorization is
 the related aspect of controlling which parts of the system users may
 access (or even which parts they may know exist).
-Authentication systems require excessively careful programming since
+We can use OpenID for authentication, but we will need a user profile for SNAC roles and authorization. There
-they are always attacked. The usual recommendation is to use an
+are examples of PHP code to implement OpenID at stackexchange:
-off-the-shelf authentication system although this is often difficult
-since system requirements vary widely. We should search for an open
+http://stackoverflow.com/questions/4459509/how-to-use-open-id-as-login-system
-source authentication system, and only write our own if nothing
-exists.^[[r]](#cmnt18)^
+OpenID seems to constantly be changing, and sites using change frequently. Google has (apparently) deprecated
+OpenID 2.0 in favor of Open Connect. Facebook is using something else, but apparently FB still works with
-Authorization involves controlling what users can do once they are in
+OpenID. Stackexchange supports several authentication schemes. If they can do it, so can we. Or we can support
-the system. The default is that they can't do anything that isn’t
+one scheme for starters and add others as necessary. The SE code is not open source, so we can't see how much
-exposed to the non-authenticated public users. Privileges are added and
+work it was to support the various OpenID partners.
-users are put into groups from which they inherit privileges, and some
-privileges can be granted on a per-user basis. The authorization system
+Authorization involves controlling what users can do once they are in the system. That function is sort of
-is involved in every transaction with the server to the extent that
+more solved by OAuth or OpenID by sharing the user profile. However, SNAC has specific requirements,
-every request to the server is check for authorization before being
+especially our roles, and those will not be found in other system. There is not anything we must have from
-passed to the code doing the real work.
+user profiles. We might want their social networking profile, but social networking is not a core function of
+SNAC. 
-The Linux model of three privilege types "user", “group”, and “other”
-works well for authorization permissions and we should use this model.
+By default users can't do anything that isn't exposed to the non-authenticated public users. Privileges are
-"User" is an authenticated user. “Group” is a set of users, and a user
+added and users are given roles (aka groups) from which they inherit privileges. The authorization system is
-may belong to several groups. "Other" is any non-authenticated user.
+involved in every transaction with the server to the extent that every request to the server is checked for
-Users can be in multiple groups and have all the privileges of all the
+authorization before being passed to the code doing the real work.
-groups to which they belong. Groups membership can change, therefore we
-need UI and code to manage that. User information such as name, phone
+The Linux model of three privilege types "user", "group", and "other" works well for authorization permissions
-number, and even password can also change. User ID values cannot be
+and we should use this model.  "User" is an authenticated user. "Group" is a set of users, and a user may
-changed, and a user ID is never reused.
+belong to several groups. Outside the Linux world "group" is known as "role", so SNAC will call them
+"roles". "Other" privileges apply to SNAC as public, non-authenticated users.  
-By and large when we refer to "accounts" we mean web accounts managed by
-the Manager/Web admin. It should be possible to use the discovery
+Users can have several roles, and will have all the privileges of all the roles they fill. Role membership is
-interface without an account, but saving history, searches, and other
+managed by an administrative UI and related API code. User information such as name, phone number, and even
+password can also change. User ID values cannot be changed, and a user ID is never reused, even after account
+deletion.
+By and large when we refer to "accounts" we mean web accounts managed by the Manager/Web admin. The general
+public can use the discovery interface without an account, but saving search history, and other
 session related discovery tools requires an account.
-Every account will be in the "Researcher" group (role). Privileges are
+Every account will be in the "Researcher" role which has the same privileges as the general public, but with a
-managed by adding other groups to an individual user's account.
+TBD set of basic privileges including: search history, certain researcher reports. 
 [](#)[](#)
-User type
+User type 
 Group