[midPoint] REST authentication

Radovan Semancik radovan.semancik at evolveum.com
Thu Dec 8 20:06:45 CET 2016


Keith,

Yes please. I'm really interested in the results of your work. Thanks a lot.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 12/08/2016 06:56 PM, Keith Hazelton wrote:
> Radovan,
>
> Authentication and Authorization for APIs is a current work area in the Intenet2 Trust and Identity program.  As our work progresses, we’d be quite willing to share the API AuthNZ requirements arising out of the research and education domains. We are focusing first on APIs into, out of and within the identity and access control infrastructure itself.
>
>           --Keith
> ___________________________________
> email & jabber: keith.hazelton at wisc.edu
> calendar: http://go.wisc.edu/i6zxx0
>
> On 2016-12-08, 08:34 , "midPoint on behalf of Radovan Semancik" <midpoint-bounces at lists.evolveum.com on behalf of radovan.semancik at evolveum.com> wrote:
>
>      Hi Adam,
>      
>      Now, this is subscriber talking. So we have to listen. Do you have any
>      plan how would you like to authenticate with your application? I think
>      that using OAuth2 is currently a common practice. If that approach is
>      suitable for you I would prefer that solution. But if you need something
>      simpler we can do that instead. I think this can still fit into midPoint
>      3.6 development plan.
>      
>      --
>      Radovan Semancik
>      Software Architect
>      evolveum.com
>      
>      
>      
>      On 12/08/2016 03:20 PM, Adam Davenport wrote:
>      > We also have a requirement to call the midPoint API on behalf of a particular user.  Not only for the delegated administration mechanisms but also for auditing.  We plan on having a home grown application that users will use that calls the midPoint API.  We require midPoint to audit that userX performed an action on userY rather than the audit record indicating "application user" performed the action.  However, storing userX's credentials to send in the API calls is not a feasible practice.  Thank you.
>      >
>      > Adam Davenport
>      > Western University
>      > _______________________________________________
>      > midPoint mailing list
>      > midPoint at lists.evolveum.com
>      > http://lists.evolveum.com/mailman/listinfo/midpoint
>      
>      
>      _______________________________________________
>      midPoint mailing list
>      midPoint at lists.evolveum.com
>      http://lists.evolveum.com/mailman/listinfo/midpoint
>      
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint





More information about the midPoint mailing list