Project

General

Profile

Task #1612

Story #1486: Create Session Management system

Change CILogon to call IdentityService

Added by Matthew Jones almost 13 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Target version:
Sprint-2011.26-Block.4
Start date:
Due date:
% Done:

100%

Milestone:
CCI-0.6.2
Product Version:
*
Story Points:
Sprint:

Description

CILogon should call the d1_identity service to obtain user attributes for an authenticated user, and then embed these in the certificate that is produced for the user. The CILogon service will be authorized to access the identity service. The identity service will return a Session object serialized as XML that can be included directly in the X.509 certificate.

History

#1 Updated by Ben Leinfelder almost 13 years ago

  • Status changed from New to In Progress
  • Milestone set to CCI-0.6.2

CertificateManager is currently calling d1_identity service to collect the necessary information. We may have CILogon make these calls to reduce the load on the CNs, but not right now.

#2 Updated by Ben Leinfelder almost 13 years ago

  • Status changed from In Progress to Closed

#3 Updated by Ben Leinfelder over 12 years ago

https://test.cilogon.org/?skin=DataONE is now returning certificates with SubjectInfo XML included as an extension. There is a libclient CertificateManager method to extract this information if it is included. MNs and CNs that need to check for authorization need not call the CNIdentity service to find out alternate identities -- they are included in the certificate contents.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)