Recent Changes - Search:

edit SideBar


Goals for Authentication

The goal of authenticating accessor is to establish a relation of trust between the accessor, the accessor host, and the accessed service. Composing individually trustworthy accessors should in return give a trusted composition (*). It is not a goal to mandate new security protocols, but rather to bring together existing ones, like OAuth, to forge a strong security architecture for the accessor pattern.

(*) Note that this is a rather bold statement.

In order to achieve the above described goals, we need to put mechanisms and rules in place to

  • Prevent accessor from doing harm to the swarmlet host (e.g., same origin policy, code checks)
  • Input checking for accessors (e.g., sanitization, taint analysis. See SecureCompositionOfAccessors)
  • Access controls for accessing services (e.g., OAuth to authenticate towards a web api using some credentials)

Edit - History - Print - Recent Changes - Search
Page last modified on November 04, 2016, at 09:14 PM