From 107487236dcc1d6a853f3fdd84eb35bc2401e33b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Thu, 29 Aug 2013 16:08:53 +0300 Subject: [PATCH] docs: add introduction chapter --- docs/reference/introduction.xml | 93 +++++++++++++++++++++++++ docs/reference/libgsignon-glib-docs.xml | 9 +-- 2 files changed, 95 insertions(+), 7 deletions(-) create mode 100644 docs/reference/introduction.xml diff --git a/docs/reference/introduction.xml b/docs/reference/introduction.xml new file mode 100644 index 0000000..44528ba --- /dev/null +++ b/docs/reference/introduction.xml 
@@ -0,0 +1,93 @@ + + + + + gSSO introduction + + + + What is gSSO? + + gSSO is a framework for centrally storing authentication credentials + and handling authentication on behalf of applications as requested by + them. It consists of a gSSO daemon that implements secure storage of + login credentials (for example usernames and passwords), plugins for + different authentication systems and a client library (libgsignond-glib) + for applications to communicate with this system. + + + By using this client library, an application can authenticate to a + (usually remote) service using an existing set of credentials, and manage + the credentials database as well (subject to access restrictions). + + + Some authentication methods require interaction with the user, for example + to request a username and password, or to show a webpage with which the + user is expected to interact. This functionality is provided by gSSO UI + component, and it's completely invisible from the applications' point + of view. + + + The client library (libgsignond-glib) interacts with gSSO daemon through + D-Bus. These D-Bus APIs should not be used directly as they are not documented, subject + to change and don't come with backwards compatibility guarantees. + + + + Terminology + + gSSO is built around a few key concepts which are explained below: + + + + Authentication service: the top level + object representing the gSSO service. It can be used to query + existing identities, available + authentication menthods and their mechanisms. Authentication + service is represented in the client library by + SignonAuthService objects. + + + + + Identity: This is a local object representing a record in the + credentials DB. It contains information about the username and password (the + latter is write-only), plus some metadata such as a descriptive caption, access + control list, reference count, and other metadata. 
Identities are identified by + numeric identity IDs and represented in the client library by + SignonIdentity objects. + + + + + Security context: The information that is used by gSSO daemon + to make access control decisions when applications try to access identities + for reading, writing, or starting authentication sessions. Security contexts + consist of two strings: the system context which identifies the application process, + and application context which identifies what the application process is doing. Security + contexts are represented in the client library by + SignonSecurityContext objects. + + + + + Authentication method: the SSO daemon supports different + authentication methods, each implemented by a plugin. Well known examples of + authentication methods include SASL, + or OAuth. Authentication methods + might support different authentication mechanisms, which are method-specific variants of authentication process. + + + + + Authentication session: the process of performing the authentication. + It is represented in the client library by SignonAuthSession objects. + Authentication sessions are started from existing identites. + + + + + + \ No newline at end of file diff --git a/docs/reference/libgsignon-glib-docs.xml b/docs/reference/libgsignon-glib-docs.xml index bdc2300..5234dd7 100644 --- a/docs/reference/libgsignon-glib-docs.xml +++ b/docs/reference/libgsignon-glib-docs.xml @@ -16,14 +16,9 @@ - libgsignon-glib Overview + gSSO Overview - - - libgsignon-glib provides authorization and authentication management for - GLib applications. - - + -- 2.34.1
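Review bot: The client library is spelled libgsignond-glib in both places in the "What is gSSO?" section of introduction.xml, while the file this patch edits is libgsignon-glib-docs.xml and the paragraph it removes says libgsignon-glib; pick one spelling, presumably libgsignon-glib. In the Terminology list, "menthods" and "identites" are typos, the Identity item reads "some metadata such as ... and other metadata", and the new file ends without a trailing newline. The Security context item says the daemon makes access control decisions from the system context and application context strings but does not say whether the daemon derives or verifies them or accepts what the client supplies; one sentence on that would let readers judge what the access control list actually enforces.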
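Review bot: In libgsignon-glib-docs.xml, the new title "gSSO Overview" together with the removed abstract leaves this reference with no statement that it documents libgsignon-glib, and the commit message only mentions adding a chapter. Consider keeping the library name in the title or in a one-line abstract, and note the title change and the removed paragraph in the commit message.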