ACLOCAL_AMFLAGS = -I m4
-# --enable-distcheck is here to make it possible to use
-# also --enable-dbus-type=session here
+# configure flags used in by distcheck
AM_DISTCHECK_CONFIGURE_FLAGS = \
--enable-distcheck \
+ --enable-dbus-type=p2p\
--enable-tests
-SUBDIRS = src test examples
+if ENABLE_GTK_DOC
+AM_DISTCHECK_CONFIGURE_FLAGS += \
+ --enable-gtk-doc
+endif
+
+SUBDIRS = src test examples docs
EXTRA_DIST = dists tools
#!/bin/sh -e
+# This file is part of gum
+#
+# Copyright (C) 2013 Intel Corporation.
+#
+# Contact: Imran Zaman <imran.zaman@intel.com>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+
srcdir=`dirname $0`
test -z "$srcdir" && srcdir=.
+if which gtkdocize >/dev/null 2>/dev/null; then
+ gtkdocize --docdir docs/
+else
+ rm -f docs/gtk-doc.make
+ echo 'EXTRA_DIST =' > docs/gtk-doc.make
+fi
+
aclocal #-I m4
-autoheader
-libtoolize --copy --force
-autoconf
+autoheader
+libtoolize --copy --force
+autoconf
automake --add-missing --copy
-autoreconf --install --force
-. $srcdir/configure "$@"
+
+autoreconf --force --install --symlink
+
+./configure "$@"
AM_CONDITIONAL(HAVE_DEBUG, [test x$enable_debug = xyes])
# Gtk-doc
-GTK_DOC_CHECK
+GTK_DOC_CHECK([1.18],[--flavour no-tmpl])
# Checks for typedefs, structures, and compiler characteristics.
GUM_CFLAGS='$(GLIB_CFLAGS) -D_POSIX_C_SOURCE=\"200809L\" -D_GNU_SOURCE -D_REENTRANT -D_THREAD_SAFE'
src/lib/Makefile
src/lib/libgum.pc
src/lib/libgum-uninstalled.pc
+docs/Makefile
+docs/version.xml
test/Makefile
test/common/Makefile
test/daemon/Makefile
--- /dev/null
+## Process this file with automake to produce Makefile.in
+
+# We require automake 1.6 at least.
+AUTOMAKE_OPTIONS = 1.6
+
+# This is a blank Makefile.am for using gtk-doc.
+# Copy this to your project's API docs directory and modify the variables to
+# suit your project. See the GTK+ Makefiles in gtk+/docs/reference for examples
+# of using the various options.
+
+# The name of the module, e.g. 'glib'.
+DOC_MODULE=gumd
+
+# Uncomment for versioned docs and specify the version of the module, e.g. '2'.
+#DOC_MODULE_VERSION=2
+
+
+# The top-level SGML file. You can change this if you want to.
+DOC_MAIN_SGML_FILE=$(DOC_MODULE)-docs.sgml
+
+# Directories containing the source code.
+# gtk-doc will search all .c and .h files beneath these paths
+# for inline comments documenting functions and macros.
+# e.g. DOC_SOURCE_DIR=$(top_srcdir)/gtk $(top_srcdir)/gdk
+#DOC_SOURCE_DIR=$(top_srcdir)/include\
+#$(top_srcdir)/src/common\
+#$(top_srcdir)/src/lib
+
+# Extra options to pass to gtkdoc-scangobj. Not normally needed.
+SCANGOBJ_OPTIONS=
+
+# Extra options to supply to gtkdoc-scan.
+# e.g. SCAN_OPTIONS=--deprecated-guards="GTK_DISABLE_DEPRECATED"
+SCAN_OPTIONS=
+
+# Extra options to supply to gtkdoc-mkdb.
+# e.g. MKDB_OPTIONS=--xml-mode --output-format=xml
+MKDB_OPTIONS=--xml-mode --output-format=xml
+
+# Extra options to supply to gtkdoc-mktmpl
+# e.g. MKTMPL_OPTIONS=--only-section-tmpl
+MKTMPL_OPTIONS=
+
+# Extra options to supply to gtkdoc-mkhtml
+MKHTML_OPTIONS=
+
+# Extra options to supply to gtkdoc-fixref. Not normally needed.
+# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html
+FIXXREF_OPTIONS=
+
+# Used for dependencies. The docs will be rebuilt if any of these change.
+# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h
+# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c
+HFILE_GLOB=
+CFILE_GLOB=
+
+# Extra header to include when scanning, which are not under DOC_SOURCE_DIR
+# e.g. EXTRA_HFILES=$(top_srcdir}/contrib/extra.h
+EXTRA_HFILES=
+
+# Header files or dirs to ignore when scanning. Use base file/dir names
+# e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h private_code
+IGNORE_HFILES=\
+gum-internals.h\
+gum-user-service.h\
+gum-group-service.h
+
+# Images to copy into HTML directory.
+# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png
+HTML_IMAGES=
+
+# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE).
+# e.g. content_files=running.sgml building.sgml changes-2.0.sgml
+content_files=building.xml
+
+# SGML files where gtk-doc abbrevations (#GtkWidget) are expanded
+# These files must be listed here *and* in content_files
+# e.g. expand_content_files=running.sgml
+expand_content_files=
+
+# CFLAGS and LDFLAGS for compiling gtkdoc-scangobj with your library.
+# Only needed if you are using gtkdoc-scangobj to dynamically query widget
+# signals and properties.
+# e.g. GTKDOC_CFLAGS=-I$(top_srcdir) -I$(top_builddir) $(GTK_DEBUG_FLAGS)
+# e.g. GTKDOC_LIBS=$(top_builddir)/gtk/$(gtktargetlib)
+GTKDOC_CFLAGS=
+
+GTKDOC_LIBS=\
+ $(top_builddir)/src/common/libgum-common.la\
+ $(top_builddir)/src/lib/libgum.la
+
+# This includes the standard gtk-doc make rules, copied by gtkdocize.
+include $(top_srcdir)/docs/gtk-doc.make
+
+# Other files to distribute
+# e.g. EXTRA_DIST += version.xml.in
+EXTRA_DIST +=
+
+# Files not to distribute
+# for --rebuild-types in $(SCAN_OPTIONS), e.g. $(DOC_MODULE).types
+# for --rebuild-sections in $(SCAN_OPTIONS) e.g. $(DOC_MODULE)-sections.txt
+#DISTCLEANFILES +=
+
+# Comment this out if you want 'make check' to test you doc status
+# and run some sanity checks
+if ENABLE_GTK_DOC
+include $(top_srcdir)/test/test_common.mk
+TESTS = $(GTKDOC_CHECK)
+endif
+
+CLEANFILES += $(DOC_MODULE)-*.txt $(DOC_MODULE).types
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<refentry id="um-building">
+ <refmeta>
+ <refentrytitle>Building and installing the user management daemon (gumd)
+ and client library (libgum).
+ </refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo>Gumd</refmiscinfo>
+ </refmeta>
+
+ <refsect1 id="building">
+ <title>Building gumd and libgum</title>
+ <para>
+ gumd and libgum uses the standard GNU build system,
+ using <application>autoconf</application> for package
+ configuration and resolving portability issues,
+ <application>automake</application> for building makefiles
+ that comply with the GNU Coding Standards, and
+ <application>libtool</application> for building shared
+ libraries on multiple platforms. The normal sequence for
+ compiling and installing gumd and libgum from distribution tarballs is
+ thus:
+
+ <literallayout>
+ <userinput>./configure</userinput>
+ <userinput>make</userinput>
+ <userinput>make install</userinput>
+ </literallayout>
+
+ If you have obtained the source code directly from git repository,
+ execute the <command>./autogen.sh</command> script
+ before the steps above.
+ </para>
+
+ <para>
+ The standard options provided by <application>GNU
+ autoconf</application> may be passed to the
+ <command>configure</command> script. Please see the
+ <application>autoconf</application> documentation or run
+ <command>./configure --help</command> for information about
+ the standard options.
+ </para>
+
+ </refsect1>
+ <refsect1 id="dependencies">
+ <title>Dependencies</title>
+ <para>
+ Before you can compile gumd and libgum, you need to have
+ various other tools and libraries installed on your
+ system. The two tools needed during the build process
+ are <command>pkg-config</command> and
+ <ulink url="http://www.gnu.org/software/make">GNU make</ulink>.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <ulink url="http://www.freedesktop.org/software/pkgconfig/">
+ pkg-config
+ </ulink>
+ is a tool for tracking the compilation flags needed for
+ libraries that are used by the gumd and libgum. (For each
+ library, a small <literal>.pc</literal> text file is
+ installed in a standard location that contains the compilation
+ flags needed for that library along with version number
+ information.)
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ gumd depends on a number of other libraries.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The <ulink url="https://developer.gnome.org/glib/">GLib
+ library</ulink> is the development framework that gumd and libgum
+ is built on.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <ulink url="http://check.sourceforge.net/">check library</ulink>
+ provides a unit testing framework. It is needed only if you would
+ like to run unit tests with <command>make check</command>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The
+ <ulink url="http://www.freedesktop.org/software/systemd/man/">
+ Systemd
+ </ulink>
+ provides dbus login apis that gumd is using for
+ querying/terminating users sessions e.g. when a user is deleted.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ </refsect1>
+ <refsect1 id="extra-configuration-options">
+ <title>Extra Configuration Options</title>
+
+ <para>
+ In addition to the normal options, the
+ <command>configure</command> script supports these additional arguments:
+ </para>
+
+ <formalpara>
+ <title><systemitem>--enable-debug</systemitem></title>
+
+ <para>
+ Turns on debugging support. This allows setting environment
+ variables to influence the runtime behaviour of gumd and libgum
+ (see <link linkend="GumConfig">GumConfig</link>).
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title><systemitem>--enable-tests</systemitem></title>
+
+ <para>
+ This enables unit tests and implicitly enables debugging support as
+ well.
+ </para>
+ </formalpara>
+
+ <formalpara>
+ <title><systemitem>--enable-dbus-type=dbus-type</systemitem></title>
+
+ <para>
+ Sets the way in which libgum is using DBus to communicate with
+ gumd. <systemitem>dbus-type</systemitem> can be one of
+ <itemizedlist>
+ <listitem>
+ <para>
+ <systemitem>'p2p'</systemitem> which is the default value.
+ Gumd will use direct connection over a UNIX domain socket
+ with the client library without involving the DBus daemon.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>'session'</systemitem> which will use the session bus.
+ This is not recommended to use because session bus isn't secure
+ against eavesdropping, but it can be used for debugging purposes,
+ as it allows the use of standard tools such as
+ <command>dbus-monitor</command>, <command>d-feet</command> and
+ so on.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>'system'</systemitem> which will use the system bus.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </formalpara>
+
+ </refsect1>
+ <refsect1 id="building-packages">
+ <title>Building distribution packages</title>
+
+ <para>
+ Instead of running <command>make install</command> to install gumd and
+ libgum into a system location it is possible to build
+ distribution-specific packages. <filename>dists/</filename> directory
+ in the source tree contains a number of package confuguration files,
+ and to use them also a distribution tarball is needed. If you are
+ building from a git tree, use <command>make dist</command> to create
+ such a tarball.
+ </para>
+ </refsect1>
+
+</refentry>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<refentry id="gumd-examples">
+ <refmeta>
+ <refentrytitle>gumd usage examples</refentrytitle>
+ </refmeta>
+
+ <refsect1 id="intro">
+ <title>Introduction</title>
+ <para>
+ libgsignond-glib comes with an example application <application>gsso-example</application>
+ that demonstrates the most common use cases: listing available authentication methods and
+ their mechanisms, creating and removing identities and performing authentication
+ sessions.
+ </para>
+ <para>
+ Before running the example application, make sure that gSSO daemon and
+ gSSO UI (that is appropriate for your system) are installed and configured
+ correctly.
+ </para>
+ <para>
+ The source code for the example application is available at
+ <ulink url="http://code.google.com/p/accounts-sso/source/browse/examples/gsso-example.c?repo=libgsignon-glib&name=master">
+ http://code.google.com/p/accounts-sso/source/browse/examples/gsso-example.c?repo=libgsignon-glib&name=master</ulink>
+ </para>
+ <para>
+ The full list of available <application>gsso-example</application> options can be
+ obtained with <userinput>gsso-example --help-all</userinput>
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Authentication methods and mechanisms</title>
+ <para>
+ The list of available authentication methods can be obtained with
+ <userinput>--query-methods</userinput>:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --query-methods</userinput>:
+Available authentication methods:
+ password
+ oauth
+ digest
+ </computeroutput></literallayout>
+ </para>
+ <para>
+ For each of the available authentication methods it's possible to query
+ available authentication mechanisms with
+ <userinput>gsso-example --query-mechanisms=method</userinput>:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --query-mechanisms=oauth</userinput>
+Available authentication mechanisms for method oauth:
+ oauth1
+ oauth2
+ </computeroutput></literallayout>
+ </para>
+
+ </refsect1>
+ <refsect1>
+ <title>Identity management</title>
+ <para>
+ The list of stored identities that the gsso-example application is allowed
+ to use can be obtained with <userinput>gsso-example --query-identities</userinput>:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --query-identities</userinput>
+Available identities:
+ id=27 caption='My test identity'
+ id=28 caption='Another test identity'
+ </computeroutput></literallayout>
+ </para>
+ <para>
+ To create an identity, use <userinput>--create-identity</userinput> option
+ with identity caption (user-readable name) and <userinput>--identity-method</userinput>
+ with the authentication method that the identity will be using.
+ <literallayout><computeroutput>
+<userinput>> gsso-example --create-identity="My test identity" --identity-method=password</userinput>
+Identity stored with id 28
+ </computeroutput></literallayout>
+ </para>
+ <para>
+ To remove an identity, use <userinput>--remove-identity</userinput> option
+ with identity id:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --remove-identity=28</userinput>
+Identity removed
+ </computeroutput></literallayout>
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Using 'password' authentication method</title>
+ <para>
+ 'password' authentication simply returns to the application the username
+ and the password associated with an identity. If they haven't been stored
+ in gSSO secret database, they're asked from the user through gSSO UI.
+ </para>
+ <para>
+ To use the method, first create an identity with authentication method
+ set to 'password' (as shown above), note its identitiy id and then run:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --get-password=27</userinput>
+Geting password
+Got response: {'UserName': <'megauser'>, 'Secret': <'megapassword'>}
+ </computeroutput></literallayout>
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Using 'oauth' authentication method</title>
+ <para>
+ 'oauth' authentication method is used to obtain an OAuth1 or OAuth2
+ authentication token from a remote service over HTTP. An application
+ needs to supply a few service-specific parameters when initiating the
+ authentication. gSSO example application supports obtaining an oauth
+ token from Google service (google-specific parameters are hardcoded
+ into the app source code).
+ </para>
+ <para>
+ Obtaining an OAuth token may also include authorization of the application
+ by the user, which is done through user interaction with the service webpages
+ that are shown by gSSO UI. From the application point of view this authorization
+ happens completely transparently behind the scenes.
+ </para>
+ <para>
+ Before trying the example, if you're behind a proxy, and are using
+ the Gtk-based gSSO UI, make sure that your GNOME proxy settings are
+ correctly configured, either via GNOME UI, or via command line:
+ <literallayout><computeroutput>
+<userinput>> gsettings list-recursively org.gnome.system.proxy</userinput>
+ </computeroutput></literallayout>
+ To set the proxy, use:
+ <literallayout><computeroutput>
+<userinput>> gsettings set org.gnome.system.proxy mode 'manual'
+> gsettings set org.gnome.system.proxy.http port 8080
+> gsettings set org.gnome.system.proxy.http host 'myproxy.domain.lan'</userinput>
+ </computeroutput></literallayout>
+ To disable the proxy, use
+ <literallayout><computeroutput>
+<userinput>> gsettings set org.gnome.system.proxy mode 'none'</userinput>
+ </computeroutput></literallayout>
+ See all available configurations keys here:
+ <ulink url="http://developer.gnome.org/ProxyConfiguration/">
+ http://developer.gnome.org/ProxyConfiguration/</ulink>
+ </para>
+ <para>
+ You would also need a client identifier and key from Google. Instructions
+ about how to get them are available at
+ <ulink url="https://developers.google.com/console/help/#generatingoauth2">https://developers.google.com/console/help/#generatingoauth2</ulink>
+ </para>
+ <para>
+ Once the above are settled, create an identity with 'oauth' method
+ (as shown above) and issue:
+ <literallayout><computeroutput>
+<userinput>> gsso-example --get-google-token=12 --client-id=xxxxxxx.apps.googleusercontent.com --client-secret=yyyyyyyyyyyyy</userinput>
+Geting token
+Got response: {'Scope': <'email'>, 'AccessToken': <'tokenvalue'>,
+ 'TokenParameters': <@a{sv} {}>, 'TokenType': <'Bearer'>,
+ 'RefreshToken': <'refreshtokenvalue'>, 'Duration': <int64 3600>,
+ 'Timestamp': <int64 1377707888>}
+ </computeroutput></literallayout>
+ </para>
+ </refsect1>
+</refentry>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
+[
+ <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
+]>
+<book id="index">
+ <bookinfo>
+ <title>gumd and libgum API Reference Manual</title>
+ <releaseinfo> This document is for gumd and libgum, version &version;.
+ </releaseinfo>
+ </bookinfo>
+
+ <part id="um-overview">
+ <title>User management Overview</title>
+
+ <xi:include href="introduction.xml"/>
+ <xi:include href="examples.xml"/>
+ </part>
+
+ <part id="um-common">
+ <title>Common</title>
+ <chapter>
+ <xi:include href="building.xml"/>
+ </chapter>
+
+ <chapter>
+ <title>Miscellaneous</title>
+ <xi:include href="xml/gum-error.xml"/>
+ <xi:include href="xml/gum-log.xml"/>
+ <xi:include href="xml/gum-utils.xml"/>
+ </chapter>
+ </part>
+
+ <part id="um-gumd">
+ <title>gumd</title>
+
+ <chapter>
+ <title>gumd configuration</title>
+ <xi:include href="xml/gum-config.xml"/>
+ <xi:include href="xml/gum-config-general.xml"/>
+ <xi:include href="xml/gum-config-dbus.xml"/>
+ </chapter>
+ </part>
+
+ <part id="um-objects">
+ <title>gumd and libgum Objects</title>
+ <chapter id="object-tree">
+ <title>Object Hierarchy</title>
+ <xi:include href="xml/tree_index.sgml"/>
+ </chapter>
+ </part>
+
+ <part id="appendices">
+ <title>Appendices</title>
+ <index id="api-index-full">
+ <title>API Index</title>
+ <xi:include href="xml/api-index-full.xml">
+ <xi:fallback />
+ </xi:include>
+ </index>
+
+ <index id="deprecated-api-index" role="deprecated">
+ <title>Index of deprecated API</title>
+ <xi:include href="xml/api-index-deprecated.xml">
+ <xi:fallback />
+ </xi:include>
+ </index>
+
+ <xi:include href="xml/annotation-glossary.xml">
+ <xi:fallback />
+ </xi:include>
+ </part>
+
+</book>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<refentry id="um-intro">
+ <refmeta>
+ <refentrytitle>gumd introduction</refentrytitle>
+ </refmeta>
+
+ <refsect1>
+ <title>What is gumd?</title>
+ <para>
+ gumd is a framework for centrally storing authentication credentials
+ and handling authentication on behalf of applications as requested by
+ them. It consists of a gumd daemon that implements secure storage of
+ login credentials (for example usernames and passwords), plugins for
+ different authentication systems and a client library (libgsignond-glib)
+ for applications to communicate with this system.
+ </para>
+ <para>
+ By using this client library, an application can authenticate to a
+ (usually remote) service using an existing set of credentials, and manage
+ the credentials database as well (subject to access restrictions).
+ </para>
+ <para>
+ Some authentication methods require interaction with the user, for example
+ to request a username and password, or to show a webpage with which the
+ user is expected to interact. This functionality is provided by gumd UI
+ component, and it's completely invisible from the applications' point
+ of view.
+ </para>
+ <para>
+ The client library (libgsignond-glib) interacts with gumd daemon through
+ D-Bus. These D-Bus APIs should not be used directly as they are not documented, subject
+ to change and don't come with backwards compatibility guarantees.
+ </para>
+ </refsect1>
+ <refsect1>
+ <title>Terminology</title>
+ <para>
+ gumd is built around a few key concepts which are explained below:
+ <itemizedlist>
+ <listitem>
+ <para>
+ <systemitem>Authentication service</systemitem>: the top level
+ object representing the gumd service. It can be used to query
+ existing identities, available
+ authentication menthods and their mechanisms. Authentication
+ service is represented in the client library by
+ <link linkend="SignonAuthService">SignonAuthService objects</link>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Identity</systemitem>: This is a local object representing a record in the
+ credentials DB. It contains information about the username and password (the
+ latter is write-only), plus some metadata such as a descriptive caption, access
+ control list, reference count, and other metadata. Identities are identified by
+ numeric identity IDs and represented in the client library by <link linkend="SignonIdentity">
+ SignonIdentity</link> objects.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Security context</systemitem>: The information that is used by gumd daemon
+ to make access control decisions when applications try to access identities
+ for reading, writing, or starting authentication sessions. Security contexts
+ consist of two strings: the system context which identifies the application process,
+ and application context which identifies what the application process is doing. Security
+ contexts are represented in the client library by <link linkend="SignonSecurityContext">
+ SignonSecurityContext</link> objects.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Authentication method</systemitem>: the SSO daemon supports different
+ authentication methods, each implemented by a plugin. Well known examples of
+ authentication methods include <ulink url="http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer">SASL</ulink>,
+ or <ulink url="http://en.wikipedia.org/wiki/Oauth">OAuth</ulink>. Authentication methods
+ might support different authentication mechanisms, which are method-specific variants of authentication process.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>Authentication session</systemitem>: the process of performing the authentication.
+ It is represented in the client library by <link linkend="SignonAuthSession">SignonAuthSession objects</link>.
+ Authentication sessions are started from existing identites.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </refsect1>
+</refentry>
\ No newline at end of file
--- /dev/null
+@PACKAGE_VERSION@