Posted to photark-dev@incubator.apache.org by Avdhesh <av...@avdheshyadav.com> on 2010/05/01 18:27:12 UTC
Authorization Layer in Photark
Authentication and authorization are related concepts and normally come
together. The authentication layer is basically responsible for
verifying the credentials of the user. For the authentication part we
are planning to integrate Open Id. Open Id eliminates the hassles of
generating passwords, storing them, forgotten passwords etc. But this is
not the only authentication which Photark may support in future.

The second important layer is authorization. This layer is basically
responsible for authorizing the user when he tries to access a
resource (album, pictures, comments, tags etc.). By decoupling
authentication and authorization we can make Photark more flexible and
make it capable of being deployed in different scenarios.

There may be many strategies for implementing the authorization
layer. Here I am trying to explain the authorization layer as a
gateway. All calls for access to a resource go through this
layer. We can call it the Access Manager.

After authentication of the user we call the Access Manager to get the
AccessList object (the AccessList is like a ticket to enter a
stadium). The AccessList consists of the list of permissions a user has
(e.g. view_public_album, add_comment etc.). On the basis of the access
list we fetch the resources from the system. We can have different sets
of access lists for different kinds of users. For example, the guest
user's access list would be different from the access list of an
authenticated user. This can be made configurable. Every time a user
tries to access a resource, its access list needs to be verified and an
access denied exception thrown in case it tries to access an
unauthorized resource.
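
The gateway design described in the message above, sketched as an added example (it is not code from the post or from the Photark project): the class names, the role strings and the VIEW_PRIVATE_ALBUM permission are assumptions made for illustration, and the in-memory map stands in for the configurable access lists.

```java
import java.util.Map;
import java.util.Set;

public class AccessManagerDemo {
    // First two names follow the post's examples; the third is assumed.
    enum Permission { VIEW_PUBLIC_ALBUM, ADD_COMMENT, VIEW_PRIVATE_ALBUM }

    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // Immutable "ticket" handed out once, after authentication.
    static final class AccessList {
        private final Set<Permission> granted;
        AccessList(Set<Permission> granted) { this.granted = Set.copyOf(granted); }
        boolean allows(Permission p) { return granted.contains(p); }
    }

    static final class AccessManager {
        // Stand-in for configuration: permissions per kind of user (hypothetical roles).
        private final Map<String, Set<Permission>> config = Map.of(
            "guest", Set.of(Permission.VIEW_PUBLIC_ALBUM),
            "authenticated", Set.of(Permission.VIEW_PUBLIC_ALBUM, Permission.ADD_COMMENT));

        AccessList accessListFor(String userKind) {
            // A kind missing from the configuration gets an empty list: deny by default.
            return new AccessList(config.getOrDefault(userKind, Set.of()));
        }

        // Gateway check, to be called on every resource access.
        void check(AccessList list, Permission needed) {
            if (list == null || !list.allows(needed)) {
                throw new AccessDeniedException("missing permission: " + needed);
            }
        }
    }

    public static void main(String[] args) {
        AccessManager am = new AccessManager();
        AccessList guest = am.accessListFor("guest");
        am.check(guest, Permission.VIEW_PUBLIC_ALBUM);          // allowed for guests
        try {
            am.check(guest, Permission.ADD_COMMENT);            // not in the guest list
        } catch (AccessDeniedException e) {
            System.out.println("guest denied: " + e.getMessage());
        }
        am.check(am.accessListFor("authenticated"), Permission.ADD_COMMENT);
        try {
            am.check(am.accessListFor("unknown-role"), Permission.VIEW_PUBLIC_ALBUM);
        } catch (AccessDeniedException e) {
            System.out.println("unconfigured kind denied: " + e.getMessage());
        }
    }
}
```
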
Re: Authorization Layer in Photark
Posted by Suhothayan Sriskandarajah <su...@gmail.com>.
On 1 May 2010 23:57, Avdhesh <av...@avdheshyadav.com> wrote:
> Authentication and authorization are related concepts and normally come
> together. The authentication layer is basically responsible for verifying
> the credentials of the user. For the authentication part we are planning to
> integrate Open Id. Open Id eliminates the hassles of generating
> passwords, storing them, forgotten passwords etc. But this is not the only
> authentication which Photark may support in future.
>
> The second important layer is authorization. This layer is basically
> responsible for authorizing the user when he tries to access a
> resource (album, pictures, comments, tags etc.). By decoupling authentication
> and authorization we can make Photark more flexible and make it capable of
> being deployed in different scenarios.
>
> There may be many strategies for implementing the authorization layer. Here I
> am trying to explain the authorization layer as a gateway. All calls for
> access to a resource go through this layer. We can call it the Access
> Manager.
>
> After authentication of the user we call the Access Manager to get the
> AccessList object (the AccessList is like a ticket to enter a
> stadium). The AccessList consists of the list of permissions a user has
> (e.g. view_public_album, add_comment etc.). On the basis of the access list
> we fetch the resources from the system. We can have different sets of access
> lists for different kinds of users. For example, the guest user's access list
> would be different from the access list of an authenticated user. This can be
> made configurable. Every time a user tries to access a resource, its access
> list needs to be verified and an access denied exception thrown in case it
> tries to access an unauthorized resource.

Thanks for the information, Avdhesh,
I'm now in the process of improving the class diagram and I'll draw some
activity diagrams to elaborate this scenario.
Regards,
Suho