chemistry-dev mailing list archives

From Florian Müller <fmuel...@opentext.com>
Subject RE: User Session and Authentication Strategies
Date Fri, 11 Jun 2010 16:35:28 GMT
Hi Aaron,

The CMIS specification does not define an authentication scheme. It recommends that clients
and servers should support the username/password scheme but it does not restrict it to that.

OpenCMIS lets you replace the standard authentication provider (username/password) with code
that implements a different authentication scheme (see [1]). If the server supports something
else you just have to implement the client part.

@Dave: Does the Alfresco server support a different authentication scheme through CMIS? If
so, we could implement it and make it part of OpenCMIS.


- Florian


[1] http://incubator.apache.org/chemistry/opencmis-client-bindings.html#OpenCMISClientBindings-CustomAuthenticationProvider


-----Original Message-----
From: Aaron Korver [mailto:aaron.korver@gmail.com] 
Sent: Friday, 11 June 2010 17:38
To: chemistry-dev@incubator.apache.org
Subject: Re: User Session and Authentication Strategies

>
> Hi everyone,
> I was just wondering this list's thoughts about Session management and user
> authentication.
>
> I'm doing a Proof of Concept with Alfresco and have decided to go down the
> CMIS route.  So far, everything has been going well, thanks to your work
> with Chemistry.  Now I'm to the point where I get to start messing around
> with different users and I'm realizing that I've hit a roadblock.
>
> The Session requires a password for the user to connect via CMIS.  Most
> applications that I've used don't actually store a user's password.  They
> either have the hash of the password, or they use a third party
> authentication system such as LDAP.  So I can't send a password over, and I
> don't see any other way to authenticate with Alfresco via the CMIS
> Specification.
>
> So....my next thought is to use the old system user to authenticate once
> with the CMIS provider and then set the CREATED_BY and MODIFIED_BY
> property.  The downside of this is that I lose the ACL mechanisms because
> the provider sees all requests as one person.  The other downside that I'm
> seeing with Alfresco is that it ignores these properties and uses the
> authenticated user as the values for the CREATED/MODIFIED_BY properties.
>
> At this point I'm stuck, I cannot see a way to use CMIS to manage multiple
> Sessions with different users.  If I can't get past this, I'm going to have
> to drop down to Alfresco specific APIs, which is a bummer.  Can anyone
> provide any guidance for me?
>
> Thank you,
> Aaron Korver
>
>
>
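
Added example, not part of the original messages and not OpenCMIS project code: a sketch of the custom authentication provider approach mentioned in the reply, so that the client application hands over a per-user token instead of a stored password. It assumes the OpenCMIS client API names `AbstractAuthenticationProvider`, `SessionParameter.AUTHENTICATION_PROVIDER_CLASS` and `SessionFactoryImpl`; the `com.example.cmis.auth.token` parameter and the bearer-token header are hypothetical and only work if the server accepts that scheme.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

import org.apache.chemistry.opencmis.client.api.Session;
import org.apache.chemistry.opencmis.client.bindings.spi.AbstractAuthenticationProvider;
import org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl;
import org.apache.chemistry.opencmis.commons.SessionParameter;
import org.apache.chemistry.opencmis.commons.enums.BindingType;

/** Sends a per-user token on every CMIS request instead of username/password. */
public class TokenAuthenticationProvider extends AbstractAuthenticationProvider {
    private static final long serialVersionUID = 1L;

    // Hypothetical session parameter key holding the token for this user's session.
    public static final String TOKEN = "com.example.cmis.auth.token";

    @Override
    public Map<String, List<String>> getHTTPHeaders(String url) {
        // Refuse to attach the credential to a request that is not protected by TLS.
        if (url == null || !url.toLowerCase(Locale.ROOT).startsWith("https://")) {
            throw new IllegalStateException("Refusing to send token over a non-HTTPS URL");
        }
        Object token = getSession().get(TOKEN);
        if (!(token instanceof String) || ((String) token).isEmpty()) {
            throw new IllegalStateException("No token configured for this session");
        }
        Map<String, List<String>> headers = new HashMap<String, List<String>>();
        headers.put("Authorization", Collections.singletonList("Bearer " + token));
        return headers;
    }

    // One CMIS session per end user, so the repository can still apply its ACLs per user.
    public static Session connect(String atomPubUrl, String repositoryId, String token) {
        Map<String, String> params = new HashMap<String, String>();
        params.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
        params.put(SessionParameter.ATOMPUB_URL, atomPubUrl);
        params.put(SessionParameter.REPOSITORY_ID, repositoryId);
        params.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS,
                TokenAuthenticationProvider.class.getName());
        params.put(TOKEN, token);
        return SessionFactoryImpl.newInstance().createSession(params);
    }
}
```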
