Authentication Open Service Interface Definitions authentication version 3.0.0
The Authentication OSID manages authenticated entities.
Agent
The Authentication OSID defines an Agent to represent the identity of the authenticated entity. An Agent may map to a specific authentication principal while some providers may elect to hide multiple authentication principals behind a single Agent. Because principal identities tend not to be durable and persistent, consumers should always persist the Id.
Resource Mapping
An Agent may be mapped to a Resource in the Resource OSID. A Resource may map to multiple Agents but an Agent may only map to a single Resource. In the case of a person, a person may utilize a number of authentication technologies, each with a different authentication identity. Decoupling the authentication identity from that of the person provides a means of integrating multiple services where different authentication identities exist for a person that impact the handling of authorization.
Authorization
Authorization is a separate service. The Authorization OSID manages what functions the Agent is authorized to perform and references the Agent Id. The Authentication OSID is only responsible for identity management of the Agent.
Each Agent of a Resource may be used to define distinct security levels of assurance (although the paranoid may opt for defining a pseudo-resource for each Agent). These security levels of assurance can be linked to the Agent Type and managed in the Authorization OSID. The Agent Type would be an indicator of the authentication strength and although it may correlate to a specific authentication technology, coupling it too tightly to a particular technology may limit flexibility.
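The mapping and assurance rules described above, as an added example (a minimal in-memory model, not dlkit or OSID code): one Resource with two Agents, grants keyed on the persisted Agent Id, and a minimum assurance rank derived from the Agent Type. The Directory class, the type strings and the rank values are assumptions made for the illustration.

```python
# Added illustration: in-memory model only; type strings and ranks are constructed.
from dataclasses import dataclass

ASSURANCE = {"type:password": 1, "type:otp": 2, "type:hardware-key": 3}


@dataclass(frozen=True)
class Agent:
    agent_id: str      # durable Id that consumers persist
    agent_type: str    # indicator of authentication strength


class Directory:
    """Agent -> Resource mapping plus authorizations keyed on Agent Id."""

    def __init__(self):
        self.agents = {}        # agent_id -> Agent
        self.resource_of = {}   # agent_id -> resource_id (at most one)
        self.min_level = {}     # function -> minimum assurance rank
        self.grants = set()     # (agent_id, function)

    def map_agent(self, agent, resource_id):
        current = self.resource_of.get(agent.agent_id)
        if current is not None and current != resource_id:
            raise ValueError("an Agent may only map to a single Resource")
        self.agents[agent.agent_id] = agent
        self.resource_of[agent.agent_id] = resource_id

    def agents_of(self, resource_id):
        return sorted(a for a, r in self.resource_of.items() if r == resource_id)

    def is_authorized(self, agent_id, function):
        agent = self.agents.get(agent_id)
        if agent is None or (agent_id, function) not in self.grants:
            return False  # unknown Agent or no grant: deny
        level = ASSURANCE.get(agent.agent_type, 0)  # unknown Type ranks lowest
        # A function with no configured minimum requires the highest rank.
        return level >= self.min_level.get(function, max(ASSURANCE.values()))


def demo():
    d = Directory()
    d.map_agent(Agent("agent:pw-1", "type:password"), "resource:alice")
    d.map_agent(Agent("agent:key-1", "type:hardware-key"), "resource:alice")
    d.min_level["rotate-keys"] = 3
    for agent_id in d.agents_of("resource:alice"):
        d.grants.add((agent_id, "rotate-keys"))
    return {a: d.is_authorized(a, "rotate-keys") for a in d.agents_of("resource:alice")}
```

Both Agents belong to the same Resource and hold the same grant, yet only the hardware-key Agent passes the check, which is the separation between identity and assurance level that the text describes.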
Certain consumers may wish to be notified of changes within the service. Authentication supports notifications via an AgentNotificationSession.

    // Register for notifications only if the provider supports them.
    if (manager.supportsAgentNotification()) {
        AgentNotificationSession ans = manager.getAgentNotificationSession(receiver);
        ans.registerForNewAgents();
        hangAround();
    }

    // Receiver callbacks invoked by the session; each is passed the Agent Id.
    AgentReceiver receiver {
        newAgent(Id agentId) { print("new agent"); }
        changedAgent(Id agentId) { print("updated agent"); }
        deletedAgent(Id agentId) { print("deleted agent"); }
    }
Agency Cataloging
Agents are organized into federateable Agency OsidCatalogs.
Sub Packages
The Authentication OSID includes an Authentication Key OSID for managing private keys associated with an Agent and an Authentication Process OSID for acquiring and validating authentication credentials. It also includes an Authentication Batch OSID for managing Agents and Agencies in bulk.
Service Managers
Authentication Profile

class dlkit.services.authentication.AuthenticationProfile
    Bases: dlkit.osid.managers.OsidProfile

    The AuthenticationProfile describes the interoperability among authentication services.

    supports_agent_lookup()
        Tests if an agent lookup service is supported.
        An agent lookup service defines methods to access agents.
        Returns: true if agent lookup is supported, false otherwise
        Return type: boolean
        compliance: mandatory – This method must be implemented.

    agent_record_types
        Gets the supported Agent record types.
        Returns: a list containing the supported Agent record types
        Return type: osid.type.TypeList
        compliance: mandatory – This method must be implemented.

    agent_search_record_types
        Gets the supported Agent search record types.
        Returns: a list containing the supported Agent search record types
        Return type: osid.type.TypeList
        compliance: mandatory – This method must be implemented.

    agency_record_types
        Gets the supported Agency record types.
        Returns: a list containing the supported Agency record types
        Return type: osid.type.TypeList
        compliance: mandatory – This method must be implemented.

    agency_search_record_types
        Gets the supported Agency search record types.
        Returns: a list containing the supported Agency search record types
        Return type: osid.type.TypeList
        compliance: mandatory – This method must be implemented.

Authentication Manager

class dlkit.services.authentication.AuthenticationManager(proxy=None)
    Bases: dlkit.osid.managers.OsidManager, dlkit.osid.sessions.OsidSession, dlkit.services.authentication.AuthenticationProfile

    The authentication manager provides access to authentication sessions and provides interoperability tests for various aspects of this service.

    The sessions included in this manager are:
        AgentLookupSession: a session to look up Agents
        AgentQuerySession: a session to query Agents
        AgentSearchSession: a session to search Agents
        AgentAdminSession: a session to create, modify and delete Agents
        AgentNotificationSession: a session to receive messages pertaining to Agent changes
        AgentAgencySession: a session to retrieve Agent to Agency mappings
        AgentAgencyAssignmentSession: a session to manage Agent to Agency mappings
        AgentSmartAgencySession: a session to create dynamic agencies
        AgencyLookupSession: a session to lookup agencies
        AgencyQuerySession: a session to query agencies
        AgencySearchSession: a session to search agencies
        AgencyAdminSession: a session to create, modify and delete agencies
        AgencyNotificationSession: a session to receive messages pertaining to Agency changes
        AgencyHierarchySession: a session to traverse the Agency hierarchy
        AgencyHierarchyDesignSession: a session to manage the Agency hierarchy

    authentication_batch_manager
        Gets an AuthenticationBatchManager.
        Returns: an AuthenticationBatchManager.
        Return type: osid.authentication.batch.AuthenticationBatchManager
        Raise: OperationFailed – unable to complete request
        Raise: Unimplemented – supports_authentication_batch() is false
        compliance: optional – This method must be implemented if supports_authentication_batch() is true.

    authentication_keys_manager
        Gets an AuthenticationKeysManager.
        Returns: an AuthenticationKeysManager.
        Return type: osid.authentication.keys.AuthenticationKeysManager
        Raise: OperationFailed – unable to complete request
        Raise: Unimplemented – supports_authentication_keys() is false
        compliance: optional – This method must be implemented if supports_authentication_keys() is true.

    authentication_process_manager
        Gets an AuthenticationProcessManager.
        Returns: an AuthenticationProcessManager.
        Return type: osid.authentication.process.AuthenticationProcessManager
        Raise: OperationFailed – unable to complete request
        Raise: Unimplemented – supports_authentication_process() is false
        compliance: optional – This method must be implemented if supports_authentication_process() is true.