...
An InteractionManager is in charge of finding the right CredentialsGatherer to try for a given CredentialRequirement.
The InteractionManager provides the following methods:
- getGathererForCredentials(CredentialRequirement) - given a particular credentials requirement, find an appropriate gatherer
F) Ticket Granting Ticket (update)
The ticket granting ticket needs to be updated to support a list of Authentication objects instead of only a single Authentication object.
G) Authentication manager (update)
The authentication manager takes credentials and returns an authentication. The actions (see D) are responsible for gathering ...
------ NOTE: THIS DOCUMENT IS CURRENTLY INCOMPLETE... TEMPORARILY STOPPED EDITING HERE.... I WANT TO RETHINK A FEW CONCEPTS... ------
H) Registered service (update)
So far, a registered service supports the attributes: id, name, theme, description, isAnonymous...
To support LOA, it will now define what authentication handlers it supports. None selected means all.
I think it would be better for the registered service to define a list of assurance levels (from the server's policy) that it accepts. -Nathan
H) Assurance evaluator (new)
The assurance evaluator is in charge of evaluating the LOA of the authentication given as input. It returns a numeric value.
Generally, it returns the numeric value of the LOA associated with the authentication handler that was previously used to authenticate the user and that is stored in the authentication.
In the case of remember-me, the LOA returned is not that of the authentication handler; it is computed instead.
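The sketch below is an added example, not code from CAS or from this proposal: it shows an evaluator that maps handlers to numeric LOA values, applied to a TGT holding a list of authentications and a service whose empty handler list means "all". Assumptions: every class, method and handler name is hypothetical, the remember-me computation is a simple cap (the page does not say how it is computed), and unknown handlers evaluate to 0.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration (Java 16+). Every type and handler name is hypothetical, not a CAS class.
public class LoaSketch {
    // One authentication held by the TGT: the handler that validated it, and whether it came from remember-me.
    record Authentication(String handlerName, boolean rememberMe) {}

    // Registered service: the handlers it supports; none selected (empty set) means all.
    record RegisteredService(String id, Set<String> supportedHandlers) {
        boolean supports(String handler) {
            return supportedHandlers.isEmpty() || supportedHandlers.contains(handler);
        }
    }

    static class AssuranceEvaluator {
        private final Map<String, Integer> handlerLoa;
        private final int rememberMeCap; // assumption: "computed" is modelled as a ceiling

        AssuranceEvaluator(Map<String, Integer> handlerLoa, int rememberMeCap) {
            this.handlerLoa = Map.copyOf(handlerLoa);
            this.rememberMeCap = rememberMeCap;
        }

        int evaluate(Authentication auth) {
            // Fail closed: a handler with no configured LOA is worth 0, not a default level.
            int loa = handlerLoa.getOrDefault(auth.handlerName(), 0);
            return auth.rememberMe() ? Math.min(loa, rememberMeCap) : loa;
        }
    }

    // Highest LOA among the TGT's authentications whose handler the service supports.
    static int effectiveLoa(AssuranceEvaluator ev, RegisteredService svc, List<Authentication> tgtAuths) {
        int best = 0;
        for (Authentication a : tgtAuths) {
            if (svc.supports(a.handlerName())) {
                best = Math.max(best, ev.evaluate(a));
            }
        }
        return best;
    }

    public static void main(String[] args) {
        // Constructed sample data: a remembered password login plus a fresh certificate login.
        AssuranceEvaluator ev = new AssuranceEvaluator(Map.of("password", 2, "x509", 4), 1);
        List<Authentication> tgt = List.of(new Authentication("password", true), new Authentication("x509", false));
        System.out.println(effectiveLoa(ev, new RegisteredService("any", Set.of()), tgt));
        System.out.println(effectiveLoa(ev, new RegisteredService("pw-only", Set.of("password")), tgt));
    }
}
```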
...