Tell me

Authentication Module

previous|next

The principal responsibility of an authentication module is to authenticate and validate users and groups against an identity management system.

Customers can implement their own custom identity plug-in to provide an interface between SES and any identity management system that suits their needs. SES will provide the default implementation for OID so that existing implementations will continue to work with no change and datasources that rely on OID. ACLs will not have to do anything special.

Only one identity plug-in can be active at a given time; this plug-in will be responsible for all authentication activities throughout the application.

The developer interface for identity plug-ins will have hierarchical structure based on users and groups. Individual data sources requiring authorization based on the actual user/group model implemented by the currently active identity plug-in can achieve their needs without additional work. This is referred to as an identity-based security model.