From 3c4c46233fad1e26b60a35cc915ce02e5fb805cb Mon Sep 17 00:00:00 2001 From: mbrodhu <brodhun@sub.uni-goettingen.de> Date: Thu, 29 Oct 2015 15:22:17 +0100 Subject: [PATCH] docs --- docs/conf.py | 2 +- docs/index.rst | 89 ++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 87 insertions(+), 4 deletions(-) diff --git a/docs/conf.py b/docs/conf.py index df92efb..e5a1220 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -110,7 +110,7 @@ todo_include_todos = True # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'alabaster' +html_theme = 'default' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the diff --git a/docs/index.rst b/docs/index.rst index 4479c89..b59a43b 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -6,9 +6,9 @@ TG-auth* ======== ----------------- -identify Request ----------------- +-------- +Overview +-------- The tg-auth* system consists of two main components: 
@@ -21,4 +21,87 @@ There are some minor components interacting with tg-auth* (now obsolete since th * PWreset, a Web application that lets users set a new password in case they forgot their old one +--------------------- +Technical Information +--------------------- +**Response** + + * Implementation: PHP, consisting of + * openRBAC core: RBAC implementation backed up by an LDAP directory, e.g. openLDAP + * openRBAC Web Service layer: for accessing openRBAC functions via SOAP + * tgextra (also a SOAP Web Service): additional functions implemented for TextGrid needs, either aggregating basic RBAC functions or introducing unrelated functions that leverage the underlying LDAP server as storage + * Storage: an OpenLDAP server + * two additional schemas: for RBAC core and for TextGrid-specific attributes + * Branches: + * ou=people for users + * ou=roles for the roles users can activate. TextGrid projects are treated like roles, with sub-roles for the actual roles visible in the TextGridLab. e.g. Administrator or Editor + * ou=resources for the TextGridObjects and their role-right assignments + * ou=sessions for the Session IDs that users have in the TextGridLab and the roles they activated in their sessions + + +**WebAuthN** + + * Implementation: PHP + * Dual Login on the first page: + * direct authentication in the community LDAP server or via + * Shibboleth Login with DFN-AAI-Basic + * Both Login methods populate the Server variable $REMOTE_USER + * In Login Mode, the following happens: + 1. authentication + 2. registration of a user session with activation of all available roles in RBAC + 3. check if user has filled out all required personal information and accepted the Terms of use + 4. exposure of the newly assigned Session ID for use in further activities with the TextGridLab and the TG-Utilities + * In User Details mode (no authentication, just see and modify user's attributes), only 3. happens. 
+ * One WebAuthN installation with one community LDAP server can interact with multiple RBAC instances. + * HTTP GET or POST arguments for TextGrid-WebAuth.php: + * authZinstance – string identifying the RBAC instance to be used. Always needed. + * loginname and password – for authentication at community LDAP. Only in Login mode and with HTTP POST. + * Sid – Session ID known from some earlier authentication. Necessary for User Details mode. + * ePPN - User ID of the user. Necessary in User Details mode. + * TextGrid-WebAuth.php is being called from WebAuthN2.php, which presents both the community login form and the Shibboleth Login Button. + * For Shibboleth login, the Shibboleth Service Provider (Apache module) guarantees the provision of a correct User ID delivered from some home organisation. + +**PWchange** + + * PHP Web application + * Authenticates and changes passwords against an LDAP direcory (community LDAP server) + * Source currently not in SVN, but available upon request + +**PWreset** + + * Perl Web application + * sends out links for verification of the user's email adress + * must be used with the system's Web browser, not the TextGridLab-internal one, because of the use of cookies to remember the user + +---- +URLs +---- + +**Repository** + + * Current development is is in GIT repository of GWDG Chili, https://projects.gwdg.de/projects/tg-auth + * Old Subversion repositories as of November 2013 can be found here: + * openRBAC: https://svn.projects.gwdg.de/svn/textgrid-svn-archive/trunk/middleware/tgauth/info.textgrid.middleware.tgauth.rbac + * WebAuthN: https://svn.projects.gwdg.de/svn/textgrid-svn-archive/trunk/middleware/tgauth/info.textgrid.middleware.tgauth.webauth + * PWreset: https://svn.projects.gwdg.de/svn/textgrid-svn-archive/trunk/middleware/tgauth/info.textgrid.middleware.tgauth.passwordReset + +**WSDL** + +OpenRBAC SOAP WSDL locations on the productive TextGridRep TG-auth* server: + + * Most relevant for Lab/User interaction: 
https://textgridlab.org/1.0/tgauth/wsdl/tgextra.wsdl >> Documentation of TGextra WSDL Methods + * Relevant for Server access: https://textgridlab.org/1.0/tgauth/wsdl/tgextra-crud.wsdl >> Documentation of TGextra-crud Methods (TODO) + * Administrative functions: + * https://textgridlab.org/1.0/tgauth/wsdl/tgadministration.wsdl + * https://textgridlab.org/1.0/tgauth/wsdl/tgreview.wsdl + * https://textgridlab.org/1.0/tgauth/wsdl/tgsystem.wsdl + +**Web applications** + +Endpoints for the productive TextGridRep: + + * WebAuthN (Login mode): https://textgridlab.org/1.0/WebAuthN/WebAuthN2.php?authZinstance=textgrid-esx1.gwdg.de + * WebAuthN (User Details mode): https://textgridlab.org/1.0/WebAuthN/TextGrid-WebAuth.php?authZinstance=textgrid-esx1.gwdg.de (append "&Sid=XXXX&ePPN=YYY@ZZZ", see above) + * PWchange: https://textgridlab.org/1.0/PWchange/index.php + * PWreset: https://textgridlab.org/1.0/pwReset.pl -- GitLab
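Review bot: the commit subject "docs" does not say why docs/conf.py switches `html_theme` from 'alabaster' to 'default'; the message should state the motivation (rendering problem, house style, reviewer request) and confirm that the chosen theme name is supported by the Sphinx version used for the docs build, so the theme change is traceable and not mistaken for an accidental edit.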
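Review bot: in the docs/index.rst hunk, the User Details mode endpoint is documented as taking the session ID in the query string (`Sid – Session ID known from some earlier authentication` together with `append "&Sid=XXXX&ePPN=YYY@ZZZ"`); a session identifier carried as an HTTP GET argument ends up in web server access logs, proxy logs, browser history and Referer headers, so the documentation should state this exposure and the Sid lifetime, and, as loginname/password already are, mark Sid as POST-only where the application allows it. Further points in the same hunk: the heading `**Response**` does not match its content, which describes the openRBAC implementation (core, SOAP layer, tgextra) and its LDAP storage, and should probably read `**openRBAC**`; `RBAC implementation backed up by an LDAP directory` should read "backed by", `LDAP direcory` should read "directory", `email adress` should read "address", and `Current development is is in GIT repository` has a doubled "is"; finally, the nested bullets and the numbered steps 1.–4. under `In Login Mode, the following happens:` follow their parent item directly, and reStructuredText needs a blank line before a nested list, otherwise docutils reads the more-indented line as a definition list, so check the rendered output of these sections.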