#+TITLE: IROH Auth Presentation
#+Author: Yann Esposito
#+Date: [2021-04-16]

- tags :: [[file:2021-04-16--13-35-21Z--cisco.org][Cisco]]

* IROH Auth Presentation

Yann Esposito <yaesposi@cisco.com>

* What is IROH-Auth? (overview)

This is a software subcomponent of /IROH/ taking care of:

+ /Authentication/
  - provide a unique user identifier
+ /Authorization/
  - decide what a user can or cannot do
+ /User Data Model/
+ /Tenancy (Org) Management/
+ /API Clients Management/

* What is IROH-Auth? (technical)

/IROH-Auth/ is a set of /Services/ within /IROH/, some of them exposing
HTTP APIs.

grant_service.clj
idp_migrate_service.clj
idp_migrate_web_service.clj
invite_service.clj
invite_web_service.clj
iroh_auth_mgmt_service.clj
iroh_auth_service.clj
iroh_auth_web_service.clj
oauth2_client_preset_service.clj
oauth2_client_service.clj
oauth2_client_web_service.clj
oauth2_service.clj
oauth2_web_service.clj
org_service.clj
profile_web_service.clj
provisioning_service.clj
provisioning_web_service.clj
scim_client_service.clj
session_web_service.clj
user_service.clj
user_web_service.clj

* History

1. Login using AMP SAML (generate JWT)
2. OAuth2 Provider (Grants)
3. Login using OpenID Connect with TG (client of OpenID Connect)
4. Users/Orgs in DB!!!
5. Account Activation
6. Become an OpenID Connect provider
7. OIDC with SSE

* Internal User Structure
* Cisco specificity