Project

General

Profile

Story #8109

Does authentication token need to include group information?

Added by Jing Tao almost 7 years ago. Updated about 6 years ago.

Status:
New
Priority:
Normal
Assignee:
Category:
Authentication, Authorization
Target version:
-
Start date:
2017-06-06
Due date:
% Done:

0%

Story Points:

Description

Currently when portal generates the authentication token, it doesn't include the group information in it in order to make the token short. So when an entity tries to authorize the token, it has to look up the group information in order to make the group authorization mechanism work. The lookup process has to access multiple places, e.g., the dataone cn, an ldap server, and et al. This seems an overhead.

History

#1 Updated by Jing Tao almost 7 years ago

  • Tracker changed from Feature to Story
  • Subject changed from Authentication token needs to include group information to Does authentication token need to include group information?

#2 Updated by Dave Vieglais about 6 years ago

  • Sprint set to Infrastructure backlog

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)