Hi Aaron, The CMIS specification does not define an authentication scheme. It recommends that clients and servers should support the username/password scheme but it does not restrict it to that.
OpenCMIS lets you replace the standard authentication provider (username/password) with code that implements a different authentication scheme (see [1]). If the server supports something else you just have to implement the client part. @Dave: Does the Alfresco server support a different authentication scheme through CMIS? If so, we could implement it and make it part of OpenCMIS. - Florian [1] http://incubator.apache.org/chemistry/opencmis-client-bindings.html#OpenCMISClientBindings-CustomAuthenticationProvider -----Original Message----- From: Aaron Korver [mailto:[email protected]] Sent: Freitag, 11. Juni 2010 17:38 To: [email protected] Subject: Re: User Session and Authentication Strategies > > Hi everyone, > I was just wondering this list's thoughts about Session management and user > authentication. > > I'm doing a Proof of Concept with Alfresco and have decided to got down the > CMIS route. So far, everything has been going well, thanks you your work > with Chemistry. Now I'm to the point where I get to start messing around > with different users and I'm realizing that I've hit a roadblock. > > The Session requires a password for the user to connect via CMIS. Most > applications that I've used don't actually store a user's password. They > either have the hash of the password, or they use a third party > authentication system such as LDAP. So I can't send a password over, and I > don't see any other way to authenticate with Alfresco via the CMIS > Specification. > > So....my next thought is to use the old system user to authenticate once > with the CMIS provider and then set the CREATED_BY and MODIFIED_BY > property. The downside of this is that I loose the ACL mechanisms because > the provider sees all requests as one person. The other downside that I'm > seeing with Alfresco is that it ignores these properties and uses the > authenticated user as the values for the CREATED/MODIFIED_BY properties. > > At this point I'm stuck, I cannot see a way to use CMIS to manage multiple > Sessions with different users. If I can't get past this, I'm going to have > to drop down to Alfresco specific APIs, which is a bummer. Can anyone > provide any guidance for me? > > Thank you, > Aaron Korver > > >
