On 1 May 2010 23:57, Avdhesh <[email protected]> wrote:
> Authentication and authorization are related concepts and normally come
> together. The authentication layer is basically responsible for verifying the
> credentials of the user. For the authentication part we are planning to
> integrate OpenID. OpenID eliminates the hassles of generating
> passwords, storing and forgotten passwords etc. But this is not the only
> authentication which photark may support in future.
>
> The second important layer is authorization. This layer is basically responsible
> for authorizing the user when he tries to access a
> resource (album, pictures, comments, tags etc). By decoupling the authentication
> and authorization we can make photark more flexible and make it capable of
> being deployed in different scenarios.
>
> There may be many strategies for implementing the authorization layer. Here I
> am trying to explain the authorization layer as a gateway. All the calls for
> the access of a resource go through this layer. We can call it the Access
> Manager.
>
> After authentication of the user we call the Access Manager to get the
> AccessList object (the access list is like a ticket to enter a
> stadium). The access list consists of the list of permissions a user has (e.g.
> view_public_album, add_comment etc). On the basis of the access list we fetch
> the resources from the system. We can have different sets of access lists for
> different kinds of users. For example the guest user access list would be
> different from the access list of an authenticated user. This can be made
> configurable. Every time a user tries to access a resource its access list needs
> to be verified and an AccessDenied exception thrown in case it tries to access
> an unauthorized resource.
>

Thanks for the information avdhesh,
I'm now in the process of improving the class diagram and I'll draw some activity diagrams to elaborate this scenario.

Regards,
Suho
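A small sketch of the gateway design described in Avdhesh's mail, added here as an illustration and not code from the photark project: the authentication layer hands over only an identity, the Access Manager turns it into an AccessList from a configurable role-to-permission table, and every resource fetch is checked against that list before the resource is touched. The permission and album names, the two roles, and the in-memory store are constructed for the example.

```python
"""Authorization gateway sketch: identity in, AccessList out, every access checked."""
from dataclasses import dataclass
from typing import FrozenSet, Mapping, Optional


class AccessDeniedException(Exception):
    """Raised when a resource is accessed without the required permission."""


@dataclass(frozen=True)
class AccessList:
    # The "ticket": the set of permissions this principal holds.
    permissions: FrozenSet[str]

    def check(self, permission: str) -> None:
        if permission not in self.permissions:
            raise AccessDeniedException(f"missing permission: {permission}")


# Constructed role -> permission policy (assumed names); in a real deployment
# this is what the mail calls "configurable", e.g. loaded from a config file.
DEFAULT_POLICY: Mapping[str, FrozenSet[str]] = {
    "guest": frozenset({"view_public_album"}),
    "authenticated": frozenset(
        {"view_public_album", "view_private_album", "add_comment", "add_tag"}
    ),
}


class AccessManager:
    def __init__(self, policy: Mapping[str, FrozenSet[str]] = DEFAULT_POLICY):
        self._policy = policy

    def access_list_for(self, user_id: Optional[str]) -> AccessList:
        # user_id comes from the authentication layer (e.g. an OpenID identifier);
        # None means nobody is logged in. A role missing from the policy yields an
        # empty list, so the default is to deny.
        role = "authenticated" if user_id else "guest"
        return AccessList(self._policy.get(role, frozenset()))


# Constructed in-memory album store: name -> (is_public, pictures).
ALBUMS = {"holiday": (True, ["p1.jpg"]), "family": (False, ["p2.jpg", "p3.jpg"])}


def fetch_album(access: AccessList, name: str) -> list:
    """Gateway call: verify the access list first, only then return the resource."""
    public, pictures = ALBUMS[name]
    access.check("view_public_album" if public else "view_private_album")
    return list(pictures)
```

Because `fetch_album` consults the AccessList before reading the store, a guest can list the public album but gets an AccessDeniedException on the private one, while an authenticated user sees both.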
