done > -----Original Message----- > From: Cao, Jenny Q > Sent: Thursday, June 26, 2014 4:47 AM > To: Zaman, Imran; Huo, Halton; Laako, Jussi; Balestrieri, Francesco; > crosswalk- > [email protected]; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > Zaman and Francesco > Pls help to change the https://crosswalk-project.org/jira/browse/XWALK-1877 > from bug to Feature. > Currently it is marked as a Bug > > Thanks > Jenny > > -----Original Message----- > From: Crosswalk-dev [mailto:[email protected] > project.org] On Behalf Of Zaman, Imran > Sent: Wednesday, June 25, 2014 9:24 PM > To: Huo, Halton; Laako, Jussi; Balestrieri, Francesco; crosswalk- > [email protected]; Santos, Thiago > Subject: Re: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > Hi > > Sure, I will put it tomorrow > > BR > imran > ________________________________________ > From: Huo, Halton > Sent: 25 June 2014 05:57 > To: Laako, Jussi; Balestrieri, Francesco; Zaman, Imran; crosswalk- > [email protected]; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > Imran/Jussi, > > Many thanks for the responses, is that possible to resubmit the intent with > more > details? The original is too simple. > > Thanks, > Halton. > From: Laako, Jussi > Sent: Tuesday, June 24, 2014 7:15 PM > To: Huo, Halton; Balestrieri, Francesco; Zaman, Imran; crosswalk- > [email protected]; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > 2) Whoever stores the content is by default owner of it and can decide who > else > can access the information. This is the "creator-owner" model already familiar > for example from Windows. It is much like access control on a file system, > where > user who creates a file defines the ACL. However in this case the owner also > gets > to define the ways how the information can be used. Other users cannot > retrieve the information directly, they can just indirectly use it (through > authentication plugins). > > 3) Target(s) are (sysctx,appctx) pairs, or wild card (not recommended) like > (sysctx,*). So on traditional desktop Linux it could be (/usr/lib/xwalk:some- > app_id). On Tizen the sysctx is SMACK label of the process instead of the > binary > path. > > Depending on authentication method, service side may further restrict access > scope per application, like in case of OAuth (Google, Facebook, Twitter, etc). > > > > - Jussi > > > From: Huo, Halton > Sent: Tuesday, June 24, 2014 10:14 AM > To: Laako, Jussi; Balestrieri, Francesco; Zaman, Imran; crosswalk- > [email protected]<mailto:[email protected] > project.org>; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > Much clear now. Some follow-up questions: > > 1. Since webapp are start with xwalk-launcher (same binary name), how > does gsigonnd identify a webapp then? > > 2. Is the webapp developer decide whether the identity can be shared? > If so, > how? > > 3. Continued with question 2, Can the target be specified? If yes, HOW? > > 4. How the multi-frame cases considered? Background: extensions for > multi- > frames cases are isolated to each other. Should be the SSON be designed per > app? Not per frame? > > Thanks, > Halton. > From: Laako, Jussi > Sent: Tuesday, June 24, 2014 1:12 PM > To: Huo, Halton; Balestrieri, Francesco; Zaman, Imran; crosswalk- > [email protected]<mailto:[email protected] > project.org>; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > ACL is a list allowed methods and mechanisms, like ({method1:[mechanism1, > mechanism2]},{method2:[mechanism3, mechanism4]},...) and allowed security > contexts, like ({sysctx1:appctx1},{sysctx2:appctx2},...} > > It is part of the gsignond database structure. Applications can be native or > non- > native. The security context was extended to a pair specifically to better > support > runtimes. > > For example if Accounts UI stores Identity for your email, it can specify > that only > Email application can access it and only using SASL method. Overall idea is > that > 1) application developer doesn't need to implement the authentication > protocol, > 2) application doesn't need to ever see the user's credential > (username+password) while it can still perform authentication with it. > > The overall flow is described here: > https://01.org/gsso/documentation/functional-view > > > > From: Huo, Halton > Sent: Monday, June 23, 2014 7:24 PM > To: Laako, Jussi; Balestrieri, Francesco; Zaman, Imran; crosswalk- > [email protected]<mailto:[email protected] > project.org>; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > > 3) It depends on the used authentication method. The stored item can be > shared between applications, based on the ACL defined by the entity who owns > it. > How does the ACL looks like? And where the ACL is? Here the "applications" are > native app or web app or everything? An specific example would help me > understand. > > Thanks, > Halton. > From: Laako, Jussi > Sent: Monday, June 23, 2014 9:21 PM > To: Huo, Halton; Balestrieri, Francesco; Zaman, Imran; crosswalk- > [email protected]<mailto:[email protected] > project.org>; Santos, Thiago > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > Hi, > > > 1) libgsignon-glib which in turn has dbus dependency on gsignond (other > low > level dependencies are glib and sqlite3) > > 2) At native code level, there's per-stored-item ACL specifying WHO can > access the item and HOW > > 3) It depends on the used authentication method. The stored item can be > shared between applications, based on the ACL defined by the entity who owns > it. > > 4) gSSO, so gsignond, libgsignon-glib and signon-ui-efl or signon-ui-gtk. > xwalk/HTML5 variant of signon-ui is under construction at the moment. > > For the additional questions: > > 1) API spec is draft and we are now doing initial implementation for it > > 2) Depends on the used signon-ui component, it is some kind of native > dialog > (efl, gtk or xwalk). Usually system modal, but it depends on the particular UI > component design and environment (desktop, mobile, etc). > > 3) State change has self and enum of the current state. onsignedout and > onremoved only pass the self instance. > > > Best regards, > > > - Jussi > > > > From: Huo, Halton > Sent: Thursday, June 19, 2014 5:34 AM > To: Balestrieri, Francesco; Zaman, Imran; [email protected] > project.org<mailto:[email protected]>; Santos, Thiago > Cc: Laako, Jussi > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single > Sign on) > > > Hi Imran, > > > > Sorry for late response, as Franceso said, this intent is very simple, I do > not see > much design para for this API. I do have some questions for this API: > > 1. What the dependencies? Are the dependencies are ready on Tizen? > > 2. What is security concern? For eg Cross-origin scenario. > > 3. How the SSO on cross app are achieved? > > 4. What the test environment need setup? > > > > And questions for the spec: https://code.google.com/p/accounts- > sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel > > 1. I saw it is on devel branch? What the stage of this spec? Any other vendor > implement it? > > 2. UserPromptPolicy<https://code.google.com/p/accounts- > sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel#22>, is > the dialog pop up as web prompt or native dialog? Model or non-model? > > 3. AuthSession<https://code.google.com/p/accounts- > sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel#66>: > What the data when statechanged fired? Same question for onsignedout and > onremoved in interface Identity. > > > > Thanks, > > Halton. > > > -----Original Message----- > > > From: Balestrieri, Francesco > > > Sent: Wednesday, June 18, 2014 10:53 PM > > > To: Balestrieri, Francesco; Zaman, Imran; > > > [email protected]<mailto:[email protected] > > rosswalk-project.org>; Santos, Thiago; Huo, Halton > > > Cc: Laako, Jussi > > > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed > > for > > > Single Sign on) > > > > > > Thiago, Halton, can you LGTM this if OK? Or raise your objections if > > you > > > have them. > > > > > > Same applies to other owners. > > > > > > Francesco > > > > > > > -----Original Message----- > > > > From: Crosswalk-dev [mailto:[email protected] > > > > project.org] On Behalf Of Balestrieri, Francesco > > > > Sent: Tuesday, June 10, 2014 1:44 PM > > > > To: Zaman, Imran; > > > [email protected]<mailto:crosswalk-dev@lists > > > .crosswalk-project.org> > > > > Cc: Laako, Jussi > > > > Subject: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for > > > > Single Sign on) > > > > > > > > Hi, > > > > > > > > this counts as an Intent to implement, Thiago, Halton and others > > > > please comment. > > > > > > > > Please follow the proper format in the future: https://crosswalk- > > > > project.org/#contribute/contributing-code/Declare-your-%22intent-to- > > > > implement%22 > > > > > > > > Francesco > > > > > > > > > -----Original Message----- > > > > > From: Crosswalk-dev [mailto:[email protected] > > > > > project.org] On Behalf Of Zaman, Imran > > > > > Sent: Monday, June 09, 2014 11:05 AM > > > > > To: > > > > [email protected]<mailto:crosswalk-dev@lis > > > > ts.crosswalk-project.org> > > > > > Cc: Laako, Jussi > > > > > Subject: [Crosswalk-dev] WebAPI needed for Single Sign on > > > > > > > > > > Hei! > > > > > > > > > > I have started implementation of WebAPI extension on crosswalk for > > > gSSO. > > > > > Use case is to have support for OAuth and other authentication > > > > > methods for web applications. gSSO would also bridge/unify > > > > > authentication between native and web applications. More details > > > > can > > > be found at: > > > > > > > > > > Crosswalk jira bug is reported at: https://crosswalk- > > > > > project.org/jira/browse/XWALK-1877 > > > > > Tizen jira bug is documented at: > > > > > https://bugs.tizen.org/jira/browse/TIVI- > > > > > 2718 > > > > > > > > > > Widl file can be accessed at: > > > > > http://code.google.com/p/accounts- > > > > > > > > sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel > > > > > > > > > > BR > > > > > imran > > > > > ------------------------------------------------------------------ > > > > -- > > > > > - > > > > > Intel Finland Oy > > > > > Registered Address: PL 281, 00181 Helsinki Business Identity Code: > > > > > 0357606 - > > > > > 4 Domiciled in Helsinki > > > > > > > > > > This e-mail and any attachments may contain confidential material > > > > > for the sole use of the intended recipient(s). Any review or > > > > > distribution by others is strictly prohibited. If you are not the > > > > > intended recipient, please contact the sender and delete all copies. > > > > > > > > > > _______________________________________________ > > > > > Crosswalk-dev mailing list > > > > > [email protected]<mailto:Crosswalk-dev@lis > > > > ts.crosswalk-project.org> > > > > > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev > > > > -------------------------------------------------------------------- > > > - > > > > Intel Finland Oy > > > > Registered Address: PL 281, 00181 Helsinki Business Identity Code: > > > > 0357606 - 4 Domiciled in Helsinki > > > > > > > > This e-mail and any attachments may contain confidential material > > > for > > > > the sole use of the intended recipient(s). Any review or > > > distribution > > > > by others is strictly prohibited. If you are not the intended > > > > recipient, please contact the sender and delete all copies. > > > > > > > > _______________________________________________ > > > > Crosswalk-dev mailing list > > > > [email protected]<mailto:Crosswalk-dev@lists > > > .crosswalk-project.org> > > > > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev > > --------------------------------------------------------------------- > Intel Finland Oy > Registered Address: PL 281, 00181 Helsinki Business Identity Code: 0357606 - 4 > Domiciled in Helsinki > > This e-mail and any attachments may contain confidential material for the sole > use of the intended recipient(s). Any review or distribution by others is > strictly > prohibited. If you are not the intended recipient, please contact the sender > and > delete all copies. > > _______________________________________________ > Crosswalk-dev mailing list > [email protected] > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev --------------------------------------------------------------------- Intel Finland Oy Registered Address: PL 281, 00181 Helsinki Business Identity Code: 0357606 - 4 Domiciled in Helsinki
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ Crosswalk-dev mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev
