Access Control Brainstorm

Separate the Authorization from Authentication

Project 1: Add Roles to be used for Authorization to access data

We will need this, no matter what system we choose.

• adding auth database in front of (one or more ODM datasources)
  • What Series have access control (from which source)
  • we know who you are (trust project 2)
    • can does user have the role that allows them to access data
    • what data have you access
  • UI to manage applying roles to data series

Project 1.1

• update generic web services to accommodate authorization service

Project 2: Look at Authorization Service

• Who you are
• What solutions are out there: Federated/central
  • cloud based
• What is needed to integrate with Authorization System (project 1)

Requirements:

• It needs to be a service that a small user community can install and manage

OAuth 2:

• Oauth2 wiki
• Facebook

Simple Web Token:

• Azure obtaining simple web tokens
• WCF with simple web token
• developmentor wcf/swt

Azure Appfabric Access Control (also Windows Server AppFabic)

• MS Page for Appfabric
• Samples in Azre Labs
• Federated Auth Samples from Michèle Leroux Bustamante
• Blog on AppFabic Server and Azure
• Webcast Introducing Windows Azure AppFabric Access Control Service (ACS) Labs Release
• http://www.dasblonde.net/2010/04/19/DevConnectionsVSLaunchApril2010NdashCode.aspx

WIndows Identity Foundation:

• WCF, WIF and Odata