User authentication and authorization
Mon, 31 Mar 2008 13:44:54 EDT
I've been reading and found that there are some mechanisms to authenticate a user and
I have some doubts (in fact a lot):

User Registry
LDAP
WebSphere (just for testing purposes) and
VMM
Re: User authentication and authorization
Mon, 31 Mar 2008 17:12:53 -050
My understanding is that authentication is the act of validating a user is 
who they claim to be (i.e. a userid/password challenge).  Once a user is 
authenticated, the next step will be to determine if they are then 
authorized to perform a particular task.

When you ask about authorization, is this in the context of WebSphere 
Process Server's Human Task management or in the context of some other 
authorization? 
Re: User authentication and authorization
Mon, 31 Mar 2008 23:04:44 EDT
Re: User authentication and authorization
Tue, 01 Apr 2008 00:46:20 EDT
My understanding is that the registry used for authentication could be a
different registry than that used for Human Task staff resolution (notice I am
not saying authorization here).  When you authenticate ... you prove that you
are who you claim to be.  The next question that needs to be answered is what
Human Task roles you have?

Assume that you authenticate as the user "joe".  You are now trusted
by WPS that you are indeed "joe".  The next question is for a given
Human Task, what is "joe" allowed to do?

When Human Tasks are created in WPS, it is my understanding that the set of
users defined for a particular role are determined.  So when a Human Task is
created then maybe "joe", "bob" and "fred" can be
potential owners.  This list of potential owners is derived by consulting a
registry.  When "joe" authenticates with WPS and WPS knows that the
user is indeed "joe", then when the user attempts to work a human
task, a simple string pattern match is attempted which says "is 'joe' one
of 'joe', 'bob' or 'fred'".  What this means is that there is no need for
a direct relationship between the registry used to authenticate the user and the
registry used to determine the Human Task roles for a Human task.

See the following for more details:

http://www-128.ibm.com/developerworks/websphere/library/techarticles/wasid/WPCStaffReference.html
http://www-128.ibm.com/developerworks/websphere/library/techarticles/wasid/WPC_StaffArch/WPC_StaffArch.html
http://www-128.ibm.com/developerworks/websphere/library/techarticles/wasid/WPC_StaffModel/WPC_StaffModel.html
http://www.ibm.com/developerworks/websphere/techjournal/0701_ilechko/0701_ilechko.html
http://www.ibm.com/developerworks/websphere/techjournal/0710_lind/0710_lind.html
http://www.ibm.com/developerworks/websphere/techjournal/0711_lind/0711_lind.html
http://www.ibm.com/developerworks/websphere/techjournal/0712_lind/0712_lind.html
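A minimal model of the flow described in the post above, added here as an illustration; it is not code from the thread or from WebSphere Process Server. The class names, the sample accounts and the exact, case-sensitive name comparison are assumptions.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthRegistry:
    """Answers only "is this really joe?" (constructed stand-in for LDAP/VMM)."""
    def __init__(self):
        self._users = {}
    def add(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, _kdf(password, salt))
    def authenticate(self, user, password):
        """Return the proven principal name, or None on failure."""
        salt, digest = self._users.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_kdf(password, salt), digest)
        return user if ok else None

class StaffRegistry:
    """Separate directory consulted only to resolve task roles."""
    def __init__(self, groups):
        self._groups = groups
    def members(self, group):
        return set(self._groups.get(group, ()))

class HumanTask:
    def __init__(self, staff, owner_group):
        # Potential owners are resolved when the task is created, as the post describes.
        self.potential_owners = frozenset(staff.members(owner_group))
    def may_work(self, principal):
        # Assumption: exact, case-sensitive comparison of the user name.
        return principal is not None and principal in self.potential_owners

def demo():
    auth = AuthRegistry()
    for user, pw in [("joe", "pw-joe"), ("alice", "pw-alice"), ("Fred", "pw-fred")]:
        auth.add(user, pw)                       # constructed sample accounts
    staff = StaffRegistry({"approvers": ["joe", "bob", "fred"]})
    task = HumanTask(staff, "approvers")
    return {
        "joe": task.may_work(auth.authenticate("joe", "pw-joe")),
        "joe, wrong password": task.may_work(auth.authenticate("joe", "guess")),
        "alice, not an owner": task.may_work(auth.authenticate("alice", "pw-alice")),
        "bob, no login account": task.may_work(auth.authenticate("bob", "anything")),
        "Fred vs fred": task.may_work(auth.authenticate("Fred", "pw-fred")),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {allowed}")
```

Only the first case is allowed. The `bob` and `Fred` cases show that the user names in the two registries still have to line up, even though the registries themselves are unrelated.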
Re: User authentication and authorization
Tue, 01 Apr 2008 23:06:44 EDT