Posted to dev@chemistry.apache.org by Aaron Korver <aa...@gmail.com> on 2010/06/11 17:21:59 UTC

Re: User Session and Authentication Strategies

>
> Hi everyone,
> I was just wondering this list's thoughts about Session management and user
> authentication.
>
> I'm doing a Proof of Concept with Alfresco and have decided to go down the
> CMIS route.  So far, everything has been going well, thanks to your work
> with Chemistry.  Now I'm to the point where I get to start messing around
> with different users and I'm realizing that I've hit a roadblock.
>
> The Session requires a password for the user to connect via CMIS.  Most
> applications that I've used don't actually store a user's password.  They
> either have the hash of the password, or they use a third party
> authentication system such as LDAP.  So I can't send a password over, and I
> don't see any other way to authenticate with Alfresco via the CMIS
> Specification.
>
> So....my next thought is to use the old system user to authenticate once
> with the CMIS provider and then set the CREATED_BY and MODIFIED_BY
> property.  The downside of this is that I lose the ACL mechanisms because
> the provider sees all requests as one person.  The other downside that I'm
> seeing with Alfresco is that it ignores these properties and uses the
> authenticated user as the values for the CREATED/MODIFIED_BY properties.
>
> At this point I'm stuck, I cannot see a way to use CMIS to manage multiple
> Sessions with different users.  If I can't get past this, I'm going to have
> to drop down to Alfresco specific APIs, which is a bummer.  Can anyone
> provide any guidance for me?
>
> Thank you,
> Aaron Korver
>
>
>