Re: Online Accounts panel for 3.2
- From: Alberto Mardegan <mardy users sourceforge net>
- To: desktop-devel-list gnome org
- Subject: Re: Online Accounts panel for 3.2
- Date: Wed, 20 Apr 2011 10:16:09 +0300
On 04/20/2011 10:08 AM, Alberto Mardegan wrote:
SSO daemon (signon)
Dependencies: Qt, libcryptsetup
Provided functionality:
- Secure storage of user credentials
- Provides authentication tokens to applications
- SASL plugin, OAuth and plain password plugins are available; more can/should
be written
Forgot to mention two very important features (at least when it comes to
embedded or corporate environment):
- restrictions on authentication methods: the creator of the account can specify
what authentication methods can be used to authenticate. For instance, you might
want to prevent the plain password method to be used (so that the password will
not be exposed to the applications).
- ACL: the creator of the account can specify what applications can use the
credentials (this is done using the MeeGo security framework [0]). The DB
structure in signond allows more fine-grained control, such as specifying
different restrictions on allowed methods depending on the requesting
application, but this is not exposed in the API.
Ciao,
Alberto
[0] https://meego.gitorious.org/meego-platform-security
--
http://blog.mardy.it <-- geek in un lingua international!
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
