...
- Campus IdM will support client_credential grant using `ucsbNetId` and `password` for Application Accounts (Service Accounts).
- Application Accounts (Service Accounts) Description from ETSC (UCSB isDesk):
> 2018-05-25 10:06:09 - Laurie Branagan (Additional comments)
> App accounts were created to allow for programmatic access to the
> directory without embedding a person's credentials in the application. They
> were not scoped to be used for authorization beyond access to the
> directory. It's understood this utility is somewhat limited.
> If what you're requesting is non-person entities in the directory - That
> feature is on the roadmap document that the Identity Advisory Group drafted
> last year. It has not been implemented.

- Campus IdM will support an OAuth 2.0 introspection endpoint.
- Campus IdM will be able to store the `Apigee client_id`.
- All calls will be over HTTPS.
- Basic Security Requirements
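
The flow these assumptions describe, shown as an added example (not code from this page or from the Campus IdM / API Gateway projects): the client builds the client_credentials token request, and the gateway checks the introspection response before granting access. The endpoint URL is a placeholder, the `apigee_client_id` response member is a hypothetical extension field, and requiring `exp` is a local policy choice.

```python
import base64
import time
from urllib.parse import quote_plus, urlencode

# Placeholder URL (assumption): the page does not give the Campus IdM endpoints.
TOKEN_URL = "https://idm.example.edu/oauth2/token"


def build_token_request(ucsb_net_id, password):
    """Client side: RFC 6749 section 4.4 client_credentials request.

    The Application Account's ucsbNetId/password are sent as HTTP Basic client
    credentials, so the request is refused unless the endpoint is HTTPS."""
    if not TOKEN_URL.startswith("https://"):
        raise ValueError("token endpoint must be HTTPS")
    # RFC 6749 section 2.3.1: form-urlencode each part before Basic encoding,
    # otherwise a ':' inside the id shifts the id/secret boundary.
    pair = f"{quote_plus(ucsb_net_id)}:{quote_plus(password)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_URL, headers, urlencode({"grant_type": "client_credentials"})


def check_introspection(resp, expected_apigee_client_id, now=None):
    """Gateway side: decide on a parsed RFC 7662 introspection response.

    Returns (allowed, reason) and fails closed on missing or malformed members."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:  # the string "true" must not pass
        return False, "inactive"
    exp = resp.get("exp")  # optional in RFC 7662; required here as local policy
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired_or_missing_exp"
    # Hypothetical extension member carrying the client_id stored in Campus IdM.
    stored = resp.get("apigee_client_id")
    if not isinstance(stored, str) or stored != expected_apigee_client_id:
        return False, "client_mismatch"
    return True, "ok"


# Constructed sample response, not captured from any real system.
SAMPLE = {"active": True, "exp": 2000, "apigee_client_id": "constructed-id-123"}

if __name__ == "__main__":
    print(build_token_request("sample-app-account", "constructed:secret")[1])
    print(check_introspection(SAMPLE, "constructed-id-123", now=1000))
```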
Requirements
| Ticket(s) | Title | User Story | Priority | Notes |
|---|---|---|---|---|
| | Call Non-Sensitive API | As a Client Developer, I need to authenticate my calls to the Campus API Gateway in order to get access to non-sensitive endpoints (/students/lookups) | | |
| | Authenticate Client | As a Campus IdM Admin, I need to authenticate the Client Application before the Campus API Gateway can grant access | | |
| | Client Info Storage in Campus API Gateway | As a Campus API Admin, I need to retrieve Client Application information for future request verifications. | | |
...
Service Architecture (PowerPoint)
Sequence Diagram (WebSequenceDiagrams Link)
...