diff options
author | Melanie | 2009-08-29 17:37:41 +0100 |
---|---|---|
committer | Melanie | 2009-08-29 17:37:41 +0100 |
commit | dce04df4f229cbf5636a096c834202dec7cd1765 (patch) | |
tree | c0c10b2472163df93dcb0e4d105a6e921cc84379 /OpenSim/Services/Interfaces/IAuthenticationService.cs | |
parent | Add a slow cache cleaner thread. By default, the thread starts a cleanup (diff) | |
download | opensim-SC-dce04df4f229cbf5636a096c834202dec7cd1765.zip opensim-SC-dce04df4f229cbf5636a096c834202dec7cd1765.tar.gz opensim-SC-dce04df4f229cbf5636a096c834202dec7cd1765.tar.bz2 opensim-SC-dce04df4f229cbf5636a096c834202dec7cd1765.tar.xz |
Redesign the IAuthenticationService interface to use PKI. Sessioning is
now in the domain of the presence module where it belongs.
Diffstat (limited to 'OpenSim/Services/Interfaces/IAuthenticationService.cs')
-rw-r--r-- | OpenSim/Services/Interfaces/IAuthenticationService.cs | 108 |
1 files changed, 70 insertions, 38 deletions
diff --git a/OpenSim/Services/Interfaces/IAuthenticationService.cs b/OpenSim/Services/Interfaces/IAuthenticationService.cs index 2402414..d473cf8 100644 --- a/OpenSim/Services/Interfaces/IAuthenticationService.cs +++ b/OpenSim/Services/Interfaces/IAuthenticationService.cs | |||
@@ -38,57 +38,89 @@ namespace OpenSim.Services.Interfaces | |||
38 | // | 38 | // |
39 | public interface IAuthenticationService | 39 | public interface IAuthenticationService |
40 | { | 40 | { |
41 | ////////////////////////////////////////////////// | 41 | ////////////////////////////////////////////////////// |
42 | // Web login key portion | 42 | // PKI Zone! |
43 | // | 43 | // |
44 | 44 | // HG2 authentication works by using a cryptographic | |
45 | // Get a service key given that principal's | 45 | // exchange. |
46 | // authentication token (master key). | 46 | // This method must provide a public key, the other |
47 | // crypto methods must understand hoow to deal with | ||
48 | // messages encrypted to it. | ||
47 | // | 49 | // |
48 | string GetKey(UUID principalID, string authToken); | 50 | // If the public key is of zero length, you will |
49 | 51 | // get NO encryption and NO security. | |
50 | // Verify that a principal key is valid | 52 | // |
53 | // For non-HG installations, this is not relevant | ||
51 | // | 54 | // |
52 | bool VerifyKey(UUID principalID, string key); | 55 | // Implementors who are not using PKI can treat the |
56 | // cyphertext as a string and provide a zero-length | ||
57 | // key. Encryptionless implementations will not | ||
58 | // interoperate with implementations using encryption. | ||
59 | // If one side uses encryption, both must do so. | ||
60 | // | ||
61 | byte[] GetPublicKey(); | ||
53 | 62 | ||
54 | ////////////////////////////////////////////////// | 63 | ////////////////////////////////////////////////////// |
55 | // Password auth portion | 64 | // Authentication |
65 | // | ||
66 | // These methods will return a token, which can be used to access | ||
67 | // various services. | ||
68 | // | ||
69 | // The encrypted versions take the received cyphertext and | ||
70 | // the public key of the peer, which the connector must have | ||
71 | // obtained using a remote GetPublicKey call. | ||
56 | // | 72 | // |
73 | string AuthenticatePassword(UUID principalID, string password); | ||
74 | byte[] AuthenticatePasswordEncrypted(byte[] cyphertext, byte[] key); | ||
57 | 75 | ||
58 | // Here's how thos works, and why. | 76 | string AuthenticateWebkey(UUID principalID, string webkey); |
59 | // | 77 | byte[] AuthenticateWebkeyEncrypted(byte[] cyphertext, byte[] key); |
60 | // The authentication methods will return the existing session, | ||
61 | // or UUID.Zero if authentication failed. If there is no session, | ||
62 | // they will create one. | ||
63 | // The CreateUserSession method will unconditionally create a session | ||
64 | // and invalidate the prior session. | ||
65 | // Grid login uses this method to make sure that the session is | ||
66 | // fresh and new. Other software, like management applications, | ||
67 | // can obtain this existing session if they have a key or password | ||
68 | // for that account, this allows external apps to obtain credentials | ||
69 | // and use authenticating interface methods. | ||
70 | // | ||
71 | |||
72 | // Check the pricipal's password | ||
73 | // | ||
74 | UUID AuthenticatePassword(UUID principalID, string password); | ||
75 | 78 | ||
76 | // Check the principal's key | 79 | ////////////////////////////////////////////////////// |
80 | // Verification | ||
77 | // | 81 | // |
78 | UUID AuthenticateKey(UUID principalID, string password); | 82 | // Allows to verify the authenticity of a token |
83 | // | ||
84 | // Tokens expire after 30 minutes and can be refreshed by | ||
85 | // re-verifying. | ||
86 | // | ||
87 | // If encrypted authentication was used, encrypted verification | ||
88 | // must be used to refresh. Unencrypted verification is still | ||
89 | // performed, but doesn't refresh token lifetime. | ||
90 | // | ||
91 | bool Verify(UUID principalID, string token); | ||
92 | bool VerifyEncrypted(byte[] cyphertext, byte[] key); | ||
79 | 93 | ||
80 | // Create a new session, invalidating the old ones | 94 | ////////////////////////////////////////////////////// |
95 | // Teardown | ||
96 | // | ||
97 | // A token can be returned before the timeout. This | ||
98 | // invalidates it and it can not subsequently be used | ||
99 | // or refreshed. | ||
100 | // | ||
101 | // Tokens created by encrypted authentication must | ||
102 | // be returned by encrypted release calls; | ||
81 | // | 103 | // |
82 | UUID CreateUserSession(UUID principalID, UUID oldSessionID); | 104 | bool Release(UUID principalID, string token); |
105 | bool ReleaseEncrypted(byte[] cyphertext, byte[] key); | ||
83 | 106 | ||
84 | // Verify that a user session ID is valid. A session ID is | 107 | ////////////////////////////////////////////////////// |
85 | // considered valid when a user has successfully authenticated | 108 | // Grid |
86 | // at least one time inside that session. | ||
87 | // | 109 | // |
88 | bool VerifyUserSession(UUID principalID, UUID sessionID); | 110 | // We no longer need a shared secret between grid |
111 | // servers. Anything a server requests from another | ||
112 | // server is either done on behalf of a user, in which | ||
113 | // case there is a token, or on behalf of a region, | ||
114 | // which has a session. So, no more keys. | ||
115 | // If sniffing on the local lan is an issue, admins | ||
116 | // need to take approriate action (IPSec is recommended) | ||
117 | // to secure inter-server traffic. | ||
89 | 118 | ||
90 | // Deauthenticate user | 119 | ////////////////////////////////////////////////////// |
120 | // NOTE | ||
91 | // | 121 | // |
92 | bool DestroyUserSession(UUID principalID, UUID sessionID); | 122 | // Session IDs are not handled here. After obtaining |
123 | // a token, the session ID regions use can be | ||
124 | // obtained from the presence service. | ||
93 | } | 125 | } |
94 | } | 126 | } |