An Identity On The Ground And Your Head In The Clouds

1

submitOrder() requires 1. read policy for submitOrder() [name,password] cred application client 2. call submitOrder() including [planky, ****] 2

submitOrder() requires {role} from sts_authentication 1. read policy for submitOrder() 2. read policy for application request security token 3. request security token passing [planky, ****] {role} requires [name,password] cred security token service sts_authentication 3

“submit order” requires {role} from sts_authentication 5. call “submit order” with security token {role=purchaser} signed sts_authentication application {role=purchaser} signed sts_authentication 4. request security token response security token service sts_authentication mapping: (planky,****)  {role = purchaser} 4

1. read policy for submitOrder() requires submitOrder() {submit order} from sts_authorization 2. read policy for client request security token 4. request security token application passing [planky’s kerb ticket] {role} requires 3. read policy for {submit order} requires [kerb ticket] or request security {role} claim from [name/pwd] cred token sts_authentication security token service security token service sts_authentication sts_authorization “identity claims “authorization claims provider” provider” 5

call submitOrder() submitOrder() requires {submit order} claim from {submit order = true} sts_authorization signed sts_authorization client {submit order = true} signed sts_authorization application {role=purchaser} submitOrder() requires signed sts_authentication {role} claim from {role=purchaser} sts_authentication signed sts_authentication security token security token service service sts_authentication sts_authorization mapping: mapping: planky  {role = purchaser} {role = purchaser}  {submit order = true} 6

An Identity On The Ground And Your Head In The Clouds

0 comments

Notes on slide 1

Favorites, Groups & Events