[dev] External access tickets

[Michael J Rubinsky]

Quoting Ralf Lang <lang at b1-systems.de>:

> Hallo,
>
> I need to provide throwaway access to some shared resources in a
> horde_shares based application.
> This means, the subject to grant access to will not be a horde user, but
> access will not be granted globally.
>
> Think of a scenario where you want to give - potentially time-limited,
> revokable - access to a calendar, addressbook, file or similar resource
> to an external party.
>
> Strategies to implement
>
> - Have an application specific table with some auth string, related
> resource ID, expiry date
>
> OR
>
> - Make this a feature of Horde_Shares (separate table app_sharesng_tickets)
>
> OR
>
> - Make this a feature of the RPC/Rest/access stack.
>
> What would make most sense / have a chance for committing back into Horde?
>
>
>
> Kludges/Workarounds
>
> - have a separate vhost with a separate auth table/source but shared
> application/resource tables.


Is the idea to grant API access only, or full UI access?

I'm not sure the Horde_Shares strategy would work, though I honestly  
like that as an idea the best. How would we be authenticated to the  
actual application?

It would be great if we could use this as a basis for a full  
role-based authentication and claims system.




-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 9272 bytes
Desc: PGP Public Key
URL: <https://lists.horde.org/archives/dev/attachments/20190310/b1909962/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 821 bytes
Desc: PGP Digital Signature
URL: <https://lists.horde.org/archives/dev/attachments/20190310/b1909962/attachment-0001.bin>