Hello,

Regarding one item in the presentation:
gSSO imposes that only one session can be active at any time, so using single 
Tizen gSSO auth plugin will block processing multiple auth requests 
simultaneously.

This is by design for a reason. All authentication requests per method per identity need to be serialized, because: 1) If stored credential is incorrect, we don't want parallel failed attempts to a server that could lock-up the account. 2) If user-action (signon-GUI) is required for example due to (1), user should get only one password dialog that triggers local credential update and then all the queued requests will pass. 3) In case server says "captcha challenge required", user should get only one dialog.
4) User needs to accept TOS (Terms Of Service) change before proceeding.

These dialogs are typically (system-)modal anyway...

Parallelizing requests on same method and identity could lead to situation where account gets locked because same incorrect credential was attempted too many times. Or account could get locked in case there were multiple authentication requests without first responding to captcha (for example Google used to do this). Or at least user gets annoyed if for example user just booted up the device after changing service password through desktop computer and then five applications attempt to go online, server responds incorrect credentials and then five "enter password" dialogs would be shown.

It also simplifies the authentication plugin logic a lot that it handles one authentication request from beginning to end at once without having multiple requests interleaved.

Now serialization is per method (plugin) and there's one instance of each. To increase parallelism we could launch more instances and have one instance per (method, identity) pair, this should be doable. I think we had it that way at some point but changed it for some reason. We could further research possibility to use "validated" flag to control parallelism, this flag is used to indicate if stored credential is known to be valid, but using this flag for the purpose has some potential to be racy.


Best regards,

        - Jussi

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev

Reply via email to