dotgnu-general

[DotGNU][DGEE][AUTHENTICATION] RFC for a new auth engine


From: James Michael DuPont
Subject: [DotGNU][DGEE][AUTHENTICATION] RFC for a new auth engine
Date: Sun, 10 Aug 2003 16:54:05 -0700 (PDT)

Dear All,

I propose the following simple solution to our auth problems:

1. The signing of xmlrpc requests as an outer layer of xmlrpc:
the header of the packet contains the uri of the signed foaf
of the user on the local server, and a uri of the session.
the session uri contains the ip of the client, the port and the
username.
the payload is the original xmlrpc request.
the signature is an smime signature of the header and the payload.
           
    +------------------------------------+       
    |                                    |       
    |     +Header                        |       
    |     +------+--UserID               |       
    |     |       +--SessionID           |       
    |     |                              |       
    |     |-+Payload                     |       
    |     |     +----------------------+ |
    |     |     |                      | |
    |     |     |   data               | |
    |     |     |   ######             | |
    |     |     |                      | |
    |     |     |                      | |
    |     |     +----------------------+ |
    |     |-+-Signature                  |       
    |                                    |       
    +------------------------------------+

2.
the client talks to the auth server,
it authenticates the client, and packages the request.
it is then sent to the dgee server that uses ssl to verify the
signature of the package and processes the request.
the dgee can send a datapackage or query to the data server that will
do permanent storage of any needed data.

 +-----------+      +---------+      +---------+
 |   auth    |  req |   dgee  |  req |  data   |  
 |   service +----|>| service |----|>|  server |  
 +-----------+      +---------+      +---------+


This idea is so simple and can be implemented using standard http tools
such as perl for the auth and data service. the communication is
standard and based on xmlrpc. the ssh/smime tools to sign and verify
the signatures are simple to implement using openssl.

what do you think?

mike

=====
James Michael DuPont
http://introspector.sourceforge.net/
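
The envelope from step 1, signed on the auth service side and checked on the DGEE side with `openssl smime`, as an added example that is not part of the original message. The header field names, the URIs, the layout of the session URI and the throwaway certificate are constructed assumptions; the proposal does not define a wire format.

```shell
#!/bin/sh
# Added example: sign and verify the Header+Payload envelope with openssl smime.
# All URIs, file names and the header layout are constructed for illustration.

WORK=$(mktemp -d)

# Throwaway self-signed certificate standing in for the auth service's key.
make_test_key() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=auth.example" \
        -keyout "$WORK/auth.key" -out "$WORK/auth.crt" 2>/dev/null
}

# Header (UserID = FOAF URI, SessionID = URI holding client IP, port, username)
# followed by the original XML-RPC request as the payload.
build_envelope() {
    cat > "$WORK/envelope.txt" <<'EOF'
X-User-URI: http://auth.example/foaf/mike.rdf
X-Session-URI: http://auth.example/session/192.0.2.10/40312/mike

<?xml version="1.0"?>
<methodCall><methodName>demo.echo</methodName>
<params><param><value><string>hello</string></value></param></params>
</methodCall>
EOF
}

# Auth service side: one S/MIME signature over header and payload together.
sign_envelope() {
    openssl smime -sign -in "$WORK/envelope.txt" -signer "$WORK/auth.crt" \
        -inkey "$WORK/auth.key" -out "$1" 2>/dev/null
}

# DGEE side: accept only if the signature chains to the trusted auth certificate.
# On success the verified header and payload are written to $2.
verify_envelope() {
    openssl smime -verify -in "$1" -CAfile "$WORK/auth.crt" -out "$2" 2>/dev/null
}

# Client IP claimed in the verified session URI, to compare with the real peer.
session_ip() {
    sed -n 's|^X-Session-URI: .*/session/\([^/]*\)/.*|\1|p' "$1"
}

make_test_key && build_envelope && sign_envelope "$WORK/signed.eml"
# Constructed tampering: change the client IP in the signed message.
sed 's/192\.0\.2\.10/198.51.100.7/' "$WORK/signed.eml" > "$WORK/tampered.eml"
verify_envelope "$WORK/signed.eml" "$WORK/ok.txt" && echo "original: accepted"
verify_envelope "$WORK/tampered.eml" "$WORK/bad.txt" || echo "tampered: rejected"
```

Because the signature covers the header as well as the payload, changing the session URI invalidates the message just as changing the request body would.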
