Re: Online Accounts panel for 3.2

On 04/20/2011 10:08 AM, Alberto Mardegan wrote:
SSO daemon (signon)

Dependencies: Qt, libcryptsetup
Provided functionality:
- Secure storage of user credentials
- Provides authentication tokens to applications
- SASL plugin, OAuth and plain password plugins are available; more can/should be written

Forgot to mention two very important features (at least when it comes to embedded or corporate environments):

- restrictions on authentication methods: the creator of the account can specify what authentication methods can be used to authenticate. For instance, you might want to prevent the plain password method from being used (so that the password will not be exposed to the applications).

- ACL: the creator of the account can specify what applications can use the credentials (this is done using the MeeGo security framework [0]). The DB structure in signond allows more fine-grained control, such as specifying different restrictions on allowed methods depending on the requesting application, but this is not exposed in the API.



