Hello,
Regarding one item in the presentation:
gSSO imposes that only one session can be active at any time, so using single
Tizen gSSO auth plugin will block processing multiple auth requests
simultaneously.
This is by design for a reason. All authentication requests per method
per identity need to be serialized, because:
1) If stored credential is incorrect, we don't want parallel failed
attempts to a server that could lock-up the account.
2) If user-action (signon-GUI) is required for example due to (1), user
should get only one password dialog that triggers local credential
update and then all the queued requests will pass.
3) In case server says "captcha challenge required", user should get
only one dialog.
4) User needs to accept TOS (Terms Of Service) change before proceeding.
These dialogs are typically (system-)modal anyway...
Parallelizing requests on same method and identity could lead to
situation where account gets locked because same incorrect credential
was attempted too many times. Or account could get locked in case there
were multiple authentication requests without first responding to
captcha (for example Google used to do this). Or at least user gets
annoyed if for example user just booted up the device after changing
service password through desktop computer and then five applications
attempt to go online, server responds incorrect credentials and then
five "enter password" dialogs would be shown.
It also simplifies the authentication plugin logic a lot that it handles
one authentication request from beginning to end at once without having
multiple requests interleaved.
Now serialization is per method (plugin) and there's one instance of
each. To increase parallelism we could launch more instances and have
one instance per (method, identity) pair, this should be doable. I think
we had it that way at some point but changed it for some reason. We
could further research possibility to use "validated" flag to control
parallelism, this flag is used to indicate if stored credential is known
to be valid, but using this flag for the purpose has some potential to
be racy.
Best regards,
- Jussi
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev