Revision efdc8b01
b/docs/design/pithos-view-authorization.rst | ||
---|---|---|
18 | 18 |
|
19 | 19 |
Pithos view registration to astakos |
20 | 20 |
=================================== |
21 |
The pithos view has to authenticate itself with astakos since the later has to |
|
21 |
The pithos view has to authenticate itself with astakos since the latter has to
|
|
22 | 22 |
prevent serving requests by unknown/unauthorized clients. |
23 | 23 |
|
24 | 24 |
Each oauth client is identified by a client identifier (client_id). Moreover, |
... | ... | |
75 | 75 |
If valid, astakos responds back with an short-term access token. |
76 | 76 |
#. The view exchanges with astakos the access token for the information of the |
77 | 77 |
user to whom the authoritativeness was granted. |
78 |
#. The view responses with the resource contents if the user has access to the
|
|
78 |
#. The view responds with the resource contents if the user has access to the
|
|
79 | 79 |
specific resource. |
80 | 80 |
|
81 | 81 |
|
... | ... | |
177 | 177 |
(without the access token or the authorization code) in order to re-initiate |
178 | 178 |
the procedure by requesting an new authorization code. |
179 | 179 |
|
180 |
In the later case the view proceeds with the request and if the user has access |
|
180 |
In the latter case the view proceeds with the request and if the user has access
|
|
181 | 181 |
to the requested resource the resource's data are returned, otherwise the |
182 | 182 |
access to resource is forbidden. |
183 | 183 |
|
Also available in: Unified diff