author | Simo Sorce <simo@redhat.com> | 2014-01-22 18:34:59 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-01-23 23:53:27 -0500 |
commit | d7d281d352f0436e49a51211cbfa0c7937225848 (patch) | |
tree | 0796413c29ede1683f3680b6430366b1a664d1ac | |
parent | a97988e9307bc5e7427960302cab5351372cf506 (diff) | |
WIP: Start adding some documentation
Draft of initial design, TBC
-rw-r--r-- | doc/design.txt | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/doc/design.txt b/doc/design.txt new file mode 100644 index 0000000..ac3a14e --- /dev/null +++ b/doc/design.txt @@ -0,0 +1,31 @@ +Initial design Ideas +-------------------- + + +Introduction +------------ + +Ipsilon is an Identity Provider (IdP) + +In our view an IdP is a gateway that allows applications to authenticate a user +"by proxy", ie deferring to the authentication proxy the actual authentication. + +Applications that most benefit from authentication by proxy are web +applications deployed by a third party (or an internal party) that do not have +direct access to the Identity store containing the user identity. + +IdPs not only provide authentication, but can also provide user identity +information depending on the protocol used. + +The Ipsilon Idp is by nature multi-protocol, both in the interface it exposes +to applications and in the authentication method supported. All the protocols +and authentication providers are implemented as plugins. + +Architecture +------------ + +Ipsilon is mostly a web service builtin in python on the cherrypy framework. +It is normally installed and run in an apache server and some plugins depend on +authentication modules available in apache like mod_auth_kerb. + + |
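Review bot: The Architecture section says some plugins depend on Apache authentication modules like mod_auth_kerb, but it leaves the trust boundary undocumented. The draft does not say how the identity established by Apache reaches the cherrypy application, or whether the application should accept that identity when it is not running behind Apache. Suggest adding a sentence that states this, since the plugins that depend on Apache modules rely on it. Smaller wording points in the same hunk: "builtin in python" should read "built in Python", "Idp" in "The Ipsilon Idp is by nature multi-protocol" should match the "IdP" spelling used in the Introduction, "ie" should be "i.e.", and "Ipsilon is an Identity Provider (IdP)" is missing its closing period.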