Comments (1)
Awesome, I'll take a look tomorrow. Would it include any ability to bind to
an enterprise identity management solution like Active Directory? I'm
thinking of the case where you need to suddenly add 10,000 users overnight
and include a default roles profile, and add additional user roles based on
responsibility.
I.e., the partner grants additional permissions and their authorization
service is allowed to add/subtract roles from a list that both parties
agree on.
CM
On Nov 21, 2015 2:16 PM, "Simon Maxwell-Stewart" wrote:
So recently I have been trying to solve a similar problem to your attempt
with Oz, i.e. making a secure but flexible authorization protocol between applications
and some kind of grant / scope server.

So I came up with lummox https://github.com/smaxwellstewart/lummox. It
differs from Oz in the following ways:
- It is designed as a highly configurable user management,
authentication and authorization service for distributed systems; it deals
with user's CRUD and authentication.
- Once authenticated, a user generates a JSON web token with an
embedded scope claim (the user's scope). This scope claim is used to
authorize the user for other systems.
- It does not deal with secure storage of this token.
- It does not deal with securing the transport layer.

While I like the simplicity of just dealing with JSON web tokens, a well
known standard, I am concerned about the lack of layers of security in my
solution.

So I could implement Oz as the lummox authorization protocol, keeping the user
management and authentication components.

Would love to know whether people think this would be a good idea? Do you
see potential security concerns with this kind of solution?

The code is 100% unit tested so should make changing its functionality
manageable.
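The scope-claim check described in the quoted post, sketched from the receiving system's side as an added example (not code from lummox or Oz). The key, claim names (`scope` as an array, `exp`) and scope strings are assumptions made for illustration; the verifier pins the algorithm, checks signature and expiry, then tests the scope.

```javascript
// Added example: a resource server checking a JWT with an embedded scope claim.
// Key, claim layout and scope strings are constructed for illustration.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

// Issuer side: sign an HS256 token carrying the user's scope.
function issue(claims, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const signingInput = `${head}.${body}`;
  return `${signingInput}.${b64url(mac(key, signingInput))}`;
}

// Verifier side: returns { ok, reason } for the scope a route requires.
function authorize(token, key, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; the token must not choose it (rejects "none").
  if (header?.alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
  const expected = mac(key, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // A short lifetime bounds how long a copied token stays useful.
  if (typeof claims?.exp !== 'number' || claims.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  if (!Array.isArray(claims.scope) || !claims.scope.includes(requiredScope)) {
    return { ok: false, reason: 'insufficient-scope' };
  }
  return { ok: true, reason: 'ok' };
}

const demoKey = 'constructed-demo-key';
const demoToken = issue({ sub: 'user-1', scope: ['read:reports'], exp: 2000000000 }, demoKey);
console.log(authorize(demoToken, demoKey, 'read:reports'));
```

Nothing in this check ties the token to the party presenting it, so the token's storage and the transport it travels over carry the remaining risk, which is the concern the post raises.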