All,
This is in reference to the Security capabilities we need for CA from COSMOS 1.0. We need a simple implementation that supports authentication ONLY (no authorization, encryption is nice to have). One of our initial adopter products has a web service that needs three parameters: login, password, and the (graph) query string.
Since COSMOS does not have any security today whatsoever, we need to find a way to pass on the login / password from the COSMOS client (and possibly the webUI) to the MDR’s web service.
There is NO need to deal with any roles / authorization at this point; I state this explicitly to narrowly define the scope of our initial implementation. Encryption, while NOT required by the CA product, would be nice to have, assuming it does not add significant time to the implementation.
Now some 64 million dollar questions:
Do we need Higgins for this limited implementation? Given our timeframes, should we do a simple / custom authentication implementation for now, and bring in Higgins later when we have elaborate security requirements? Does anyone have any elaborate requirements at this juncture? Is Higgins designed for such a simple Security implementation, or would using Higgins for this purpose be like swatting a fly with a tactical nuke? Has anyone utilized Higgins for a similar scenario in conjunction with another open source (or corporate) project?
Thanks,
Jimmy Mohsin
Cell +1-609-635-1703
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
From: cosmos-dev-bounces@xxxxxxxxxxx [mailto:cosmos-dev-bounces@xxxxxxxxxxx] On Behalf Of Ebright, Don
Sent: Wednesday, May 14, 2008 10:06 AM
To: Cosmos Dev
Subject: RE: [cosmos-dev] Security must-do for COSMOS 1.0
Jimmy
I think that this is a worthy thing to prioritize, but we need to assess the impact on other requirements.
Don
From: cosmos-dev-bounces@xxxxxxxxxxx [mailto:cosmos-dev-bounces@xxxxxxxxxxx] On Behalf Of Mohsin, Jimmy
Sent: Wednesday, May 14, 2008 9:55 AM
To: Cosmos Dev
Subject: [cosmos-dev] Security must-do for COSMOS 1.0
Importance: High
Don / Mark,
Quick note about the Security item for the May Summit meeting…. We have a critical adopter that requires Security internally. It is essential for us to have a minimal Security implementation for the 1.0 timeframe. Minimal is defined as the ability to pass on a login-id/password; I have opened a Bugzilla entry (231400) for this ER; design document to follow shortly….
We would be willing to actively participate from our end to get this capability implemented in i12… Thoughts?
Thanks,
Jimmy Mohsin
Cell +1-609-635-1703