Hi,
There has been some discussion at Manchester about using uPortal for
displaying sensitive personal information (HR and salary information).
We currently authenticate to the portal using standard university
credentials via the institutional LDAP service. The problem is that
these credentials are 'not that secure'.
Historically these credentials have been used over HTTP and we feel some
users may share their password with others. Going forward, the use of
CAS and better user education should improve this situation.
However, we have been thinking of using step-up authentication, similar
to the approach used by on-line banking sites. This second level authentication
could possibly use a separate password and possibly ask for random
characters rather than the whole password and possibly be built around a
CAS infrastructure.
From the Portlet perspective I was thinking that it would be nice to
have this taken care of by the Portal. I was thinking that a step-up
authentication service could be defined in a similar way to the current
authentication service in security.properties and the Portal would
provide the authentication UI.
I was initially thinking about a custom mode e.g. a 'secure' mode. When
the Portlet switches to this mode, the Portal would ask for the second
level credentials.
However, after referring back to the JSR-168 spec, I think it may also
be possible to use security constraints.
So I'd like to start a discussion about whether this is a good idea and
how it could be implemented. Can this be done within the JSR-168 /
JSR-286 spec?
Cheers,
Anthony.