From: Loren C. <lor...@gm...> - 2009-10-30 15:25:49
On Oct 30, 2009, at 06:47 AM, Adam Retter wrote:
> I think you would still need some sort of admin user that is
> maintained outside of OpenID. Otherwise what happens if you need to
> do something with eXist and your web connection has gone down.
>
> I would quite like to see a composite authentication system, where
> authentication modules are pluggable - you could plug in modules for
> "eXist", "JDBC", "System (PAM/NTLM)", "LDAP", and you would be able
> to set an order of priority and user authentication would be
> attempted at each module in turn until one succeeds.
>
> Cheers Adam.

After the above email exchange with Adam, I decided to take a different tack and work towards a Pluggable Authentication Architecture. Below is a list of requirements that I have devised. Please reply with additional requirements that you have identified or refute the ones that I have listed.

- A user has one and only one method of authentication
  Multiple authentication methods for a user can lead to confusion, hence the requirement of a single authentication method for a given user.
- Admin is always created as a DefaultAuthentication (password is stored in the eXist database as a hash)
  - The password is null
  - Admin is created with the dba group
- Guest is always created as a DefaultAuthentication (password is stored in the eXist database as a hash)
  - The password is null
  - Guest is created with the guest group
- A user's authentication can be converted from one method of authentication to another
  - The admin user cannot be converted to any other authentication type, because the other authentication types rely on other services that might be offline.
  - The guest user may be converted to another authentication type, but this is discouraged because those types rely on other services that might be offline.
- All users must belong to at least one group.
- The DefaultAuthentication uses the MD5 hash as the default, but can be configured to use alternate hashes

The authorization architecture is a separate issue and will be dealt with in a different thread.

Below is a preliminary class diagram for the authentication discussion.

Loren
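As an added illustration of the chain described in the thread (not code from the thread or from eXist-db; all class and method names are assumptions), the following sketches modules tried in priority order, with each user owned by exactly one module, a local DefaultAuthentication whose hash algorithm is configurable, and the offline-directory failure mode that motivates keeping admin local:

```python
import hashlib
import hmac
import os

# Constructed example of the pluggable chain discussed above; names are assumptions, not eXist-db APIs.

class DefaultAuthentication:
    """Passwords stored locally as salted hashes; MD5 is the thread's default, the algorithm is configurable."""
    def __init__(self, hash_name="md5"):
        self.hash_name = hash_name
        self.store = {}  # username -> (salt, hex digest); in-memory for the demo
    def _digest(self, salt, password):
        return hashlib.new(self.hash_name, salt + password.encode()).hexdigest()
    def add_user(self, name, password):
        salt = os.urandom(16)  # per-user random salt
        self.store[name] = (salt, self._digest(salt, password))
    def knows(self, name):
        return name in self.store
    def authenticate(self, name, password):
        salt, digest = self.store[name]
        return hmac.compare_digest(digest, self._digest(salt, password))

class OfflineDirectory:
    """Stands in for an LDAP/JDBC/PAM module whose backing service is down."""
    def __init__(self, users):
        self.users = set(users)
    def knows(self, name):
        return name in self.users
    def authenticate(self, name, password):
        raise ConnectionError("directory service unreachable")

class AuthenticationChain:
    """Modules in priority order; the first module that owns the user decides (one method per user)."""
    def __init__(self, modules):
        self.modules = modules
    def authenticate(self, name, password):
        for module in self.modules:
            if module.knows(name):
                try:
                    return module.authenticate(name, password)
                except ConnectionError:
                    return False  # owning module unreachable: deny, never fall through to another
        return False  # user unknown to every module

def build_demo_chain():
    """Admin stays in DefaultAuthentication so it still works while the directory is offline."""
    local = DefaultAuthentication("sha256")
    local.add_user("admin", "s3cret")  # constructed demo credential
    return AuthenticationChain([local, OfflineDirectory(["alice"])])
```

Running `build_demo_chain().authenticate("admin", "s3cret")` succeeds even though the directory module is unreachable, while a directory-owned user such as "alice" is denied rather than silently retried against the local store.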