The tg-auth* system consists of two main components:
* openRBAC, a system to maintain, modify, and enforce authorization policies using the Role-Based Access Control framework. See http://www.openrbac.de/, however, the basic software has been heavily customized for use with TextGrid
* WebAuthN, a system offering authentication functionalities, both direct using a community-managed user directory and the Shibboleth-based DFN-AAI. WebAuthN is embedded in TextGridLab offering a Login Screen and registers the user in RBAC.
* openRBAC, a system to maintain, modify, and enforce authorization policies using the Role-Based Access Control framework. See http://www.openrbac.de/, however, the basic software has been heavily customized for use with TextGrid
* WebAuthN, a system offering authentication functionalities, both direct using a community-managed user directory and the Shibboleth-based DFN-AAI. WebAuthN is embedded in TextGridLab offering a Login Screen and registers the user in RBAC.
There are some minor components interacting with tg-auth* (now obsolete since the TextGrid and DARIAH Accounts has been merged… please use the DARIAH Self Service Portal):
* PWchange, a Web application allowing for setting a new password in case the user knows their old one
* PWreset, a Web application that lets users set a new password in case they forgot their old one
* PWchange, a Web application allowing for setting a new password in case the user knows their old one
* PWreset, a Web application that lets users set a new password in case they forgot their old one
---------------------
Technical Information
---------------------
**Response**
* Implementation: PHP, consisting of
* openRBAC core: RBAC implementation backed up by an LDAP directory, e.g. openLDAP
* openRBAC Web Service layer: for accessing openRBAC functions via SOAP
* tgextra (also a SOAP Web Service): additional functions implemented for TextGrid needs, either aggregating basic RBAC functions or introducing unrelated functions that leverage the underlying LDAP server as storage
* Storage: an OpenLDAP server
* two additional schemas: for RBAC core and for TextGrid-specific attributes
* Branches:
* ou=people for users
* ou=roles for the roles users can activate. TextGrid projects are treated like roles, with sub-roles for the actual roles visible in the TextGridLab. e.g. Administrator or Editor
* ou=resources for the TextGridObjects and their role-right assignments
* ou=sessions for the Session IDs that users have in the TextGridLab and the roles they activated in their sessions
* Implementation: PHP, consisting of
* openRBAC core: RBAC implementation backed up by an LDAP directory, e.g. openLDAP
* openRBAC Web Service layer: for accessing openRBAC functions via SOAP
* tgextra (also a SOAP Web Service): additional functions implemented for TextGrid needs, either aggregating basic RBAC functions or introducing unrelated functions that leverage the underlying LDAP server as storage
* Storage: an OpenLDAP server
* two additional schemas: for RBAC core and for TextGrid-specific attributes
* Branches:
* ou=people for users
* ou=roles for the roles users can activate. TextGrid projects are treated like roles, with sub-roles for the actual roles visible in the TextGridLab. e.g. Administrator or Editor
* ou=resources for the TextGridObjects and their role-right assignments
* ou=sessions for the Session IDs that users have in the TextGridLab and the roles they activated in their sessions
**WebAuthN**
...
...
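Review bot: the heading "**Response**" above the implementation list looks wrong. The list under it describes openRBAC (core, Web Service layer, tgextra, LDAP storage) and the sibling heading is "**WebAuthN**", so it should presumably read "**openRBAC**". In the same hunk, the obsolescence remark "the TextGrid and DARIAH Accounts has been merged… please use the DARIAH Self Service Portal" needs "have been merged" and would read better as its own sentence with a link to the portal. The storage list says ou=sessions holds the Session IDs and the roles activated in each session, but the visible lines do not say who may read that branch or how access to it is restricted; a sentence on that would help anyone deploying the LDAP server. The spelling also varies between "openLDAP" and "OpenLDAP".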
@@ -70,7 +73,7 @@ Technical Information
* sends out links for verification of the user's email adress
* must be used with the system's Web browser, not the TextGridLab-internal one, because of the use of cookies to remember the user
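Review bot: "adress" in the line "sends out links for verification of the user's email adress" should be "address". The next line justifies the system-browser requirement with "the use of cookies to remember the user"; please state what the cookie holds and how long it lives, since the visible lines leave that open and readers logging in on a shared machine need to know it.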