User Registry
This spec will let pre-registered MJP web apps collect a standard User
Identifier (UID) from a designated User Registry URI that
enables single sign-on functionality for all MaineJug web sites. As
an extra feature, it manages property-value pairs on each UID.
Below are some proposed JSPs it would hold, with returns and parameters.
They work properly only for calling web apps that are pre-registered,
or for the owner of the UID.
confirm(caller-ID)
To get a UID it can add to a session, another web app redirects here,
passing in its own caller ID number. The Registry confirm code
then redirects back to a pre-registered URI at that web app, passing as
parameter the needed UID, if known. (It can come from the Registry's
own local session iff the user has already logged in there.)
login(name, password, caller-ID)
Like confirm, this redirects per caller-ID. If confirm is called and
the user is not yet logged in, Registry keeps displaying a form that
posts to login until valid user data is entered or the user gives up
and goes away.
query(prop, UID)
This URI just returns the (String) value of a requested prop for
the UID, in a format letting it be imported. It works, however, only
for referrers with a known caller ID and pre-allocated access rights, or
for a logged-in user at some Registry self-description form.
update(prop, value, UID)
Similar to query, this makes Registry update the value
of the cited prop for the given UID. Limitations similar to those on
query (but with different rights) provide the needed security. Most props
should be scoped, so each caller ID gets a separate namespace.
sendme(prop, UID)
Email address is one of a few special properties not scoped by caller ID.
It should be required, so a user can request that other special prop
values (like name or password) be emailed if they get forgotten.
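The access rules described for query and update, together with the unscoped email property, sketched as an added example (not MJP code). The class name, the READ/WRITE rights, the "*" shared namespace and the sample caller IDs are assumptions, and the path for a logged-in UID owner is left out.

```java
import java.util.*;

// Added sketch, not MJP code. callerId is assumed already verified by the Registry.
public class RegistrySketch {
    enum Right { READ, WRITE }
    // Props shared by all callers; the page names email as one of them.
    static final Set<String> UNSCOPED = Set.of("email");
    private final Map<String, Set<Right>> rights = new HashMap<>(); // pre-allocated per caller
    private final Map<List<String>, String> store = new HashMap<>();

    void register(String callerId, Right... granted) {
        rights.put(callerId, Set.of(granted));
    }
    // Scoped props are keyed by caller ID, so callers cannot see each other's values.
    private List<String> key(String callerId, String prop, String uid) {
        return List.of(uid, UNSCOPED.contains(prop) ? "*" : callerId, prop);
    }
    // Unknown callers and callers without the needed right are both refused.
    private void require(String callerId, Right r) {
        Set<Right> g = rights.get(callerId);
        if (g == null || !g.contains(r))
            throw new SecurityException("caller " + callerId + " lacks " + r);
    }
    String query(String callerId, String prop, String uid) {
        require(callerId, Right.READ);
        return store.get(key(callerId, prop, uid));
    }
    void update(String callerId, String prop, String value, String uid) {
        require(callerId, Right.WRITE);
        store.put(key(callerId, prop, uid), value);
    }
    public static void main(String[] args) {
        RegistrySketch r = new RegistrySketch();
        r.register("101", Right.READ, Right.WRITE); // constructed sample callers
        r.register("102", Right.READ);
        r.update("101", "theme", "dark", "u1");
        r.update("101", "email", "user@example.org", "u1");
        // Caller 102 reads its own namespace for "theme" but the shared one for "email".
        System.out.println("102 theme: " + r.query("102", "theme", "u1"));
        System.out.println("102 email: " + r.query("102", "email", "u1"));
        // A read-only caller and an unregistered caller are both rejected.
        for (String[] c : new String[][] {{"102", "update"}, {"999", "query"}}) {
            try {
                if (c[1].equals("update")) r.update(c[0], "theme", "light", "u1");
                else r.query(c[0], "email", "u1");
            } catch (SecurityException e) {
                System.out.println("denied: " + e.getMessage());
            }
        }
    }
}
```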