Diffstat (limited to 'doc/design.txt')
-rw-r--r-- | doc/design.txt | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/doc/design.txt b/doc/design.txt new file mode 100644 index 0000000..ac3a14e --- /dev/null +++ b/doc/design.txt @@ -0,0 +1,31 @@ +Initial design Ideas +-------------------- + + +Introduction +------------ + +Ipsilon is an Identity Provider (IdP) + +In our view an IdP is a gateway that allows applications to authenticate a user +"by proxy", ie deferring to the authentication proxy the actual authentication. + +Applications that most benefit from authentication by proxy are web +applications deployed by a third party (or an internal party) that do not have +direct access to the Identity store containing the user identity. + +IdPs not only provide authentication, but can also provide user identity +information depending on the protocol used. + +The Ipsilon Idp is by nature multi-protocol, both in the interface it exposes +to applications and in the authentication method supported. All the protocols +and authentication providers are implemented as plugins. + +Architecture +------------ + +Ipsilon is mostly a web service builtin in python on the cherrypy framework. +It is normally installed and run in an apache server and some plugins depend on +authentication modules available in apache like mod_auth_kerb. + + |
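Review bot: The Architecture section leaves the trust boundary undocumented where it says some plugins "depend on authentication modules available in apache like mod_auth_kerb". It does not say how the identity established by the Apache module is handed to the plugin, what the plugin trusts as proof of authentication, or whether the cherrypy service may be reached other than through Apache. Since the document calls that installation "normal" rather than required, a sentence or two on this would help anyone deploying it. Smaller text fixes in the same hunk: "builtin in python" should read "built in Python"; "Idp" in "The Ipsilon Idp" should match the "IdP" spelling used in the rest of the file; "ie" should be "i.e."; the line "Ipsilon is an Identity Provider (IdP)" lacks a full stop; the title "Initial design Ideas" mixes capitalization; and the file ends with two blank lines that can be dropped.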