Re: Online Accounts panel for 3.2
- From: Alberto Mardegan <mardy users sourceforge net>
- To: desktop-devel-list gnome org
- Subject: Re: Online Accounts panel for 3.2
- Date: Wed, 20 Apr 2011 10:16:09 +0300
On 04/20/2011 10:08 AM, Alberto Mardegan wrote:
SSO daemon (signon)
Dependencies: Qt, libcryptsetup
Provided functionality:
- Secure storage of user credentials
- Provides authentication tokens to applications
- SASL plugin, OAuth and plain password plugins are available; more can/should
be written
Forgot to mention two very important features (at least when it comes to 
embedded or corporate environment):
- restrictions on authentication methods: the creator of the account can specify 
what authentication methods can be used to authenticate. For instance, you might 
want to prevent the plain password method to be used (so that the password will 
not be exposed to the applications).
- ACL: the creator of the account can specify what applications can use the 
credentials (this is done using the MeeGo security framework [0]). The DB 
structure in signond allows more fine-grained control, such as specifying 
different restrictions on allowed methods depending on the requesting 
application, but this is not exposed in the API.
Ciao,
  Alberto
[0] https://meego.gitorious.org/meego-platform-security
--
http://blog.mardy.it <-- geek in un lingua international!
[
Date Prev][
Date Next]   [
Thread Prev][
Thread Next]   
[
Thread Index]
[
Date Index]
[
Author Index]