Authentication Open Service Interface Definitions authentication version 3.0.0

The Authentication OSID manages authenticated entities.

Agent

The Authentication OSID defines an Agent to represent the identity of the authenticated entity. An Agent may map to a specific authentication principal while some providers may elect to hide multiple authentication principals behind a single Agent. Because principal identities tend not to be durable and persistent, consumers should always persist the Id.

Resource Mapping

An Agent may be mapped to a Resource in the Resource OSID. A Resource may map to multiple Agents but an Agent may only map to a single Resource. In the case of a person, a person may utilize a number of authentication technologies, each with a different authentication identity. Decoupling the authentication identity from that of the person provides a means of integrating multiple services where different authentication identities exist for a person that impact the handling of authorization.

Authorization

Authorization is a separate service. The Authorization OSID manages what functions the Agent is authorized to perform and references the Agent Id. The Authentication OSID is only responsible for identity management of the Agent.

Each Agent of a Resource may be used to define distinct security levels of assurance (although the paranoid may opt for defining a pseudo-resource for each Agent). These security levels of assurance can be linked to the Agent Type and managed in the Authorization OSID. The Agent Type would be an indicator of the authentication strength and although it may correlate to a specific authentication technology, coupling it too tightly to a particular technology may limit flexibility.
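The mapping and assurance rules described above, as an added Python example that is not dlkit or OSID code: one Resource with several Agents, an Agent Type that stands for authentication strength, and an authorization decision keyed on the persisted Agent Id. The `Directory` class, the Agent Type names, the assurance levels and all Ids are hypothetical and constructed for illustration.

```python
# Added illustration; names below are hypothetical, not dlkit or OSID APIs.
from dataclasses import dataclass, field

# Assumed mapping of Agent Type -> level of assurance (constructed values).
ASSURANCE_BY_AGENT_TYPE = {"password": 1, "otp": 2, "hardware-key": 3}


@dataclass
class Directory:
    """Toy stand-in for the Agent-to-Resource mapping and per-function policy."""
    agent_type: dict = field(default_factory=dict)      # agent Id -> Agent Type
    agent_resource: dict = field(default_factory=dict)  # agent Id -> resource Id
    required: dict = field(default_factory=dict)        # function -> min assurance

    def map_agent(self, agent_id, agent_type, resource_id):
        # An Agent may map to only one Resource; a Resource may have many Agents.
        current = self.agent_resource.get(agent_id)
        if current is not None and current != resource_id:
            raise ValueError(f"{agent_id} is already mapped to {current}")
        if agent_type not in ASSURANCE_BY_AGENT_TYPE:
            raise ValueError(f"unknown Agent Type: {agent_type}")
        self.agent_type[agent_id] = agent_type
        self.agent_resource[agent_id] = resource_id

    def agents_of(self, resource_id):
        return sorted(a for a, r in self.agent_resource.items() if r == resource_id)

    def is_authorized(self, agent_id, function):
        # Decision is keyed on the persisted Agent Id, never a principal name.
        if agent_id not in self.agent_type or function not in self.required:
            return False  # unknown Agent or unlisted function: deny by default
        level = ASSURANCE_BY_AGENT_TYPE[self.agent_type[agent_id]]
        return level >= self.required[function]


def build_demo():
    d = Directory(required={"read-profile": 1, "rotate-keys": 3})
    # Constructed sample Ids: one person (Resource) with two Agents.
    d.map_agent("agent:alice-pw", "password", "resource:alice")
    d.map_agent("agent:alice-fido", "hardware-key", "resource:alice")
    return d


if __name__ == "__main__":
    demo = build_demo()
    print(demo.agents_of("resource:alice"))
    print(demo.is_authorized("agent:alice-pw", "rotate-keys"))    # weak Agent
    print(demo.is_authorized("agent:alice-fido", "rotate-keys"))  # strong Agent
```

Because the policy refers to an assurance level rather than to a named technology, a new authentication method only needs an entry in the type-to-level table.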

Certain consumers may wish to be notified of changes within the service. Authentication supports notifications via an AgentNotificationSession.

if (manager.supportsAgentNotification()) {
    AgentNotificationSession ans = manager.getAgentNotificationSession(receiver);
    ans.registerForNewAgents();
    hangAround();
}

AgentReceiver receiver {
    newAgent(Id agentId) { print("new agent"); }
    changedAgent(Id agentId) { print("updated agent"); }
    deletedAgent(Id agentId) { print("deleted agent"); }
}

Agency Cataloging

Agents are organized into federateable Agency OsidCatalogs.

Sub Packages

The Authentication OSID includes an Authentication Key OSID for managing private keys associated with an Agent and an Authentication Process OSID for acquiring and validating authentication credentials. It also includes an Authentication Batch OSID for managing Agents and Agencies in bulk.

Service Managers

Authentication Profile

class dlkit.services.authentication.AuthenticationProfile

Bases: dlkit.osid.managers.OsidProfile

The AuthenticationProfile describes the interoperability among authentication services.

supports_agent_lookup()

Tests if an agent lookup service is supported.

An agent lookup service defines methods to access agents.

Returns: true if agent lookup is supported, false otherwise
Return type: boolean

compliance: mandatory – This method must be implemented.

agent_record_types

Gets the supported Agent record types.

Returns: a list containing the supported Agent record types
Return type: osid.type.TypeList

compliance: mandatory – This method must be implemented.

agent_search_record_types

Gets the supported Agent search record types.

Returns: a list containing the supported Agent search record types
Return type: osid.type.TypeList

compliance: mandatory – This method must be implemented.

agency_record_types

Gets the supported Agency record types.

Returns: a list containing the supported Agency record types
Return type: osid.type.TypeList

compliance: mandatory – This method must be implemented.

agency_search_record_types

Gets the supported Agency search record types.

Returns: a list containing the supported Agency search record types
Return type: osid.type.TypeList

compliance: mandatory – This method must be implemented.

Authentication Manager

class dlkit.services.authentication.AuthenticationManager(proxy=None)

Bases: dlkit.osid.managers.OsidManager, dlkit.osid.sessions.OsidSession, dlkit.services.authentication.AuthenticationProfile

The authentication manager provides access to authentication sessions and provides interoperability tests for various aspects of this service.

The sessions included in this manager are:

  • AgentLookupSession: a session to look up Agents
  • AgentQuerySession: a session to query Agents
  • AgentSearchSession: a session to search Agents
  • AgentAdminSession: a session to create, modify and delete Agents
  • AgentNotificationSession: a session to receive messages pertaining to Agent changes
  • AgentAgencySession: a session to retrieve Agent to Agency mappings
  • AgentAgencyAssignmentSession: a session to manage Agent to Agency mappings
  • AgentSmartAgencySession: a session to create dynamic agencies
  • AgencyLookupSession: a session to look up agencies
  • AgencyQuerySession: a session to query agencies
  • AgencySearchSession: a session to search agencies
  • AgencyAdminSession: a session to create, modify and delete agencies
  • AgencyNotificationSession: a session to receive messages pertaining to Agency changes
  • AgencyHierarchySession: a session to traverse the Agency hierarchy
  • AgencyHierarchyDesignSession: a session to manage the Agency hierarchy

authentication_batch_manager

Gets an AuthenticationBatchManager.

Returns: an AuthenticationBatchManager.
Return type: osid.authentication.batch.AuthenticationBatchManager
Raise: OperationFailed – unable to complete request
Raise: Unimplemented – supports_authentication_batch() is false

compliance: optional – This method must be implemented if supports_authentication_batch() is true.

authentication_keys_manager

Gets an AuthenticationKeysManager.

Returns: an AuthenticationKeysManager.
Return type: osid.authentication.keys.AuthenticationKeysManager
Raise: OperationFailed – unable to complete request
Raise: Unimplemented – supports_authentication_keys() is false

compliance: optional – This method must be implemented if supports_authentication_keys() is true.

authentication_process_manager

Gets an AuthenticationProcessManager.

Returns: an AuthenticationProcessManager.
Return type: osid.authentication.process.AuthenticationProcessManager
Raise: OperationFailed – unable to complete request
Raise: Unimplemented – supports_authentication_process() is false

compliance: optional – This method must be implemented if supports_authentication_process() is true.