#+TITLE: IROH Auth Presentation
#+Author: Yann Esposito
#+Date: [2021-04-16]

- tags :: [[file:2021-04-16--13-35-21Z--cisco.org][Cisco]]

* IROH Auth Presentation

Yann Esposito

* What is IROH Auth?

This is a software subcomponent of /IROH/ taking care of:

+ /Authentication/ - provide a unique user identifier
+ /Authorization/ - decide what a user can or cannot do
+ /User Data Model/
+ /Tenancy (Org) Management/
+ /API Clients Management/

* So what is IROH Auth?

The sub-component of IROH taking care of:

- authentication (from a user interaction, provide a user id, a unique identifier)
- authorizations (what a user can do)
- internal user representation
  + Org/Tenancy
  + User
  + OAuth2 Clients

* History

1. Login using AMP SAML (generate JWT)
2. OAuth2 Provider (Grants)
3. Login using OpenID Connect with TG (client of OpenID Connect)
4. Users/Orgs in DB!!!
5. Account Activation
6. Become an OpenID Connect provider
7. OIDC with SSE

* Internal User Structure

* Cisco specificity