Hello,

On Wed, Dec 11, 2013 at 2:03 AM, Jussi Laako <[email protected]> wrote:

> Hello,
>
> Overall, the proposal looks good.
>
> I would like to ask for clarification on one item that wasn't clear to me from
> this documentation.
>
> How is the implementation split into components and what type of
> components those are? This is important from the access control point of
> view (AccessControlManager in gSSO), because in order for it to do its
> work the request needs to come directly from the requesting process and
> should not be forwarded between processes. So the authentication request
> should come directly from the application process to the gsignond, thus the
> RequestAuthData() should be implemented for example in a library loaded to
> the application.

Tizen Account is a client-side library and there is no daemon. All account manager code is executed in the caller application's context. So the authentication request comes directly from the application as required.

> For WRT applications and such where the process may not be 1:1 with the
> application there's additional field called "appctx" in the gSSO
> SecurityContext to define a sub-context within "sysctx" (SMACK label in
> Tizen). Bindings should fill in this item.
>
> I understand that this is just an example, but in slides 1 and 2 the gSSO ACL
> is "*" which is not recommended for storing anything else than public keys
> (X.509 or similar). It should be set to SMACK label on which the
> application has "rx" permissions. (r = Identity access, x = AuthSession
> access, w = IdentityInfo access)

That's a good point. I made the slides to show interactions between account manager and gSSO. I used '*' just to avoid the slides being complicated. :) I'm going to deal with this topic more deeply in another mail.

> Please also note that for OAuth, the gSSO IdentityInfo item called
> "Realms" needs to be set to match domain name of the particular Identity.
> For example "google.com" for Google accounts.
>
> Best regards,
>
> - Jussi

BRs,
Jaehwa
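
The ACL points raised in this thread, as an added example that is not part of the original mails and is not gSSO or Tizen Account code. It is a simplified model of a SMACK-label ACL check using the r/x/w mapping quoted above; the labels, rule table and identity fields (`kind`, `method`, `domain`) are hypothetical.

```python
# Simplified model (assumption): this is not gSSO's AccessControlManager.
# Permission letters follow the mail: r = Identity, x = AuthSession, w = IdentityInfo.
PERM_FOR = {"Identity": "r", "AuthSession": "x", "IdentityInfo": "w"}

def smack_allows(rules, subject, obj, perm):
    """Minimal SMACK check: '*' objects are open to all, equal labels always match."""
    if obj == "*" or subject == obj:
        return True
    return perm in rules.get((subject, obj), "")

def may_access(rules, caller_label, acl, resource):
    """True if the caller's label has the needed permission on any ACL label."""
    perm = PERM_FOR[resource]
    return any(smack_allows(rules, caller_label, label, perm) for label in acl)

def lint_identity(identity):
    """Flag the two configuration points raised in the thread."""
    findings = []
    if "*" in identity["acl"] and identity["kind"] != "public-key":
        findings.append("ACL '*' on a non-public-key identity")
    if identity["method"] == "oauth" and identity["domain"] not in identity["realms"]:
        findings.append("Realms does not contain the identity's domain")
    return findings

# Constructed sample data: labels, rules and identities are hypothetical.
RULES = {("app.mail", "acct.google"): "rx"}
OPEN = {"kind": "password", "method": "oauth", "domain": "google.com",
        "acl": ["*"], "realms": []}
SCOPED = {"kind": "password", "method": "oauth", "domain": "google.com",
          "acl": ["acct.google"], "realms": ["google.com"]}

if __name__ == "__main__":
    for name, ident in (("open", OPEN), ("scoped", SCOPED)):
        for caller in ("app.mail", "app.other"):
            ok = may_access(RULES, caller, ident["acl"], "AuthSession")
            print(f"{name:6} {caller:9} AuthSession allowed: {ok}")
        print(f"{name:6} findings: {lint_identity(ident)}")
```

With the "*" ACL every caller label passes the check; with the scoped ACL only the label holding "rx" on the identity's label does, and it still cannot reach IdentityInfo without "w".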
