deft/journal/2021-04-16--12-27-13Z--iroh_auth_presentation.org
2021-04-16 13:39:52 +02:00

IROH Auth Presentation

tags
Cisco

Yann Esposito <yaesposi@cisco.com>

What is IROH Auth?

This is a software subcomponent of IROH taking care of:

  • Authentication

    • provide a unique user identifier
  • Authorization

    • decide what a user can or cannot do
  • User Data
  • Tenancy (Org) Management
  • API Clients Management

So what is IROH Auth?

The sub-component of IROH taking care of:

  • authentication (from user interaction, provide a user ID, a unique identifier)
  • authorizations (what can a user do)
  • internal user representation

    • Org/Tenancy
    • User
    • OAuth2 Clients

History

  1. Login using AMP SAML (generate JWT)
  2. OAuth2 Provider (Grants)
  3. Login using OpenID Connect with TG (client of OpenID Connect)
  4. Users/Orgs in DB!!!
  5. Account Activation
  6. Become an OpenID Connect provider
  7. OIDC with SSE

Internal User Structure

Cisco specificity