Difference between revisions of "Specification Authentication Using System Credentials"

From Apache OpenOffice Wiki
Jump to: navigation, search
(Created page with '=Use System Credentials for Web Site Authentication= {{Specification_Header|Kai Sommerfeld||Preliminary}} == Abstract == OOo is able to access resources (web sites, ftp sites, …')
 
Line 20: Line 20:
 
| '''Product Requirement, RFE, Issue ID''' (required)
 
| '''Product Requirement, RFE, Issue ID''' (required)
 
| [available/not available]
 
| [available/not available]
| <PLEASE ENTER LOCATION HERE>
+
| [http://qa.openoffice.org/issues/show_bug.cgi?id=104767 i104767]
 
|-
 
|-
 
| '''Accessibility Check''' (required)
 
| '''Accessibility Check''' (required)
Line 55: Line 55:
 
|-
 
|-
 
| '''Quality Assurance'''
 
| '''Quality Assurance'''
| <First Name, Last Name>
+
| Thorsten Martens
| <User@openoffice.org>
+
| tm at openoffice dot org
 
|-
 
|-
 
| '''Documentation'''
 
| '''Documentation'''
| <First Name, Last Name>
+
| Uwe Fischer
| <User@openoffice.org>
+
| ufi at openoffice dot org
 
|-
 
|-
 
| '''User Experience'''
 
| '''User Experience'''
| <First Name, Last Name>
+
| Kai Sommerfeld
| <User@openoffice.org>
+
| kso at openoffice dot org
 
|-
 
|-
 
|}
 
|}
Line 89: Line 89:
 
@@@
 
@@@
  
[[Specification_Template_Help#Detailed_Specification|Help]] | [[UI-Elements|User Interface Element Templates]] | [[Specification_Example|Example Spec]]
+
The new checkbox "use system credentials" allows the user to specify that instead of entering a username/password combination the system credentials of the currently logged in OOo user shall be used to authenticate for the restricted resource. If the checkbox is checked the entry fields for username and password are disabled.
 +
 
 +
The checkbox "remember password" or "remember password until end of session" (according to settings in "Tools/Options/OOo/Security) can be used to specify that the decision to use system credentials for the resource shall be made persistent across OOo restart or only until OOo is quit.
 +
 
 +
In case the information is stored across OOo restart, the URLs of the respective resources can be managed using the "Stored Web Connection Information" dialog (Tools/Options/OOo/Security/Connections). This includes removal of entries. Please note that the button "change password" is disabled if a "system credentials entry" is selected. There is not username stored with this entry, thus it cannot be changed. To visualize that an entry is a "system credentials entry" the dialog displays an asterisk (*) instead of a username.   
 +
 
 +
@@@
  
 
== Accessibility ==
 
== Accessibility ==
 
Accessibility is the responsibility of the I-Team, beginning with UX, DEV and QA, to ensure that the following requirements are fulfilled:  
 
Accessibility is the responsibility of the I-Team, beginning with UX, DEV and QA, to ensure that the following requirements are fulfilled:  
  
# Is the feature '''fully keyboard accessible'''?''<br>(Ex: "I can go everywhere and use every function using the keyboard only"''<br/> ''<nowiki><START TYPING HERE></nowiki>''
+
# Is the feature '''fully keyboard accessible'''?''<br>(Ex: "I can go everywhere and use every function using the keyboard only"''<br/> <nowiki>Yes.</nowiki>
# Have I specified '''visual alternatives''' for the&nbsp;case that the&nbsp;specified feature includes audio as output? <br/> <nowiki><START TYPING HERE></nowiki>
+
# Have I specified '''visual alternatives''' for the&nbsp;case that the&nbsp;specified feature includes audio as output? <br/> <nowiki>n/a</nowiki>
# Are '''text alternatives '''for all icons and graphics available?<br/> <nowiki><Start typing here></nowiki>
+
# Are '''text alternatives '''for all icons and graphics available?<br/> <nowiki>n/a</nowiki>
# '''Don't provide important information in colors alone'''''<br>(Ex: marking important information hard coded in red)''<br/> ''<nowiki><START TYPING HERE></nowiki>''
+
# '''Don't provide important information in colors alone'''''<br>(Ex: marking important information hard coded in red)''<br/> ''<nowiki>Okay.</nowiki>''
# Does the specified feature respect '''system settings''' for '''font, size, and color '''for '''all''' windows and user interface elements? <br/> <nowiki><START TYPING HERE></nowiki>
+
# Does the specified feature respect '''system settings''' for '''font, size, and color '''for '''all''' windows and user interface elements? <br/> <nowiki>Yes.</nowiki>
# Have I ensured that&nbsp;'''flash rates''' do not exceed 2 hertz for blinking text, objects, or other elements? In any case, try to '''avoid flashing '''UI elements<br/> <nowiki><START TYPING HERE></nowiki>
+
# Have I ensured that&nbsp;'''flash rates''' do not exceed 2 hertz for blinking text, objects, or other elements? In any case, try to '''avoid flashing '''UI elements<br/> <nowiki>n/a</nowiki>
# Ensure that assistive technology (AT) (like ZoomText or Orca) is able to read everything.<br/> <nowiki><START TYPING HERE></nowiki>
+
# Ensure that assistive technology (AT) (like ZoomText or Orca) is able to read everything.<br/> <nowiki>Yes.</nowiki>
  
QUESTIONS?
+
== Migration ==
 +
n/a
  
If you need '''help''' while '''designing, implementing or testing''' the accessibility of the UI, ask/visit:
+
== Configuration ==
 +
The configuration schema org.openoffice.Office.Common, group "Passwords" has been extended.
  
# The [http://wiki.services.openoffice.org/wiki/Accessibility_(A11y)_Quick_Test_Check_List accessibility check list at the OpenOffice.org Wiki]
+
<pre>
# [mailto:accessibility@ui.openoffice.org accessibility@ui.openoffice.org] (The accessibility mailing lists, preferred)
+
<prop oor:name="AuthenticateUsingSystemCredentials" oor:type="oor:string-list">
# For specific implementation details, architecture: [mailto:mt@openoffice.org mt@openoffice.org] (Malte Timmermann)
+
    <info>
# For specific UX and testing questions: [mailto:es@openoffice.org es@openoffice.org] (Éric Savary)
+
        <author>KSO</author>
 +
        <desc>Contains a list of URLs that should be accessed using system credentials of the user.</desc>
 +
    </info>
 +
</prop>
 +
</pre>
  
 +
== UNO API ==
 +
New Types:
  
== Migration ==
+
# ''Interface com.sun.star.task.XUrlContainer'' : Storage for arbitrary URLs. Possibility to list, add, remove records. Records lifetime can be either 'persistent' or 'runtime'
<START TYPING HERE --- If this part is irrelevant state a reason for its absence.>
+
  
== Configuration ==
+
# ''Interface com.sun.star.ucb.URLAuthenticationRequest'' : derived from com.sun.star.ucb.URLAuthenticationRequest; Possbility to specify a URL for the resource an authentication request is made for.
<START TYPING HERE --- If this part is irrelevant state a reason for its absence.>
+
 
 +
# ''Interface com.sun.star.ucb.XInteractionSupplyAuthentication2'' : derived from com.sun.star.ucb.XInteractionSupplyAuthentication2; Possibility to specify whether the issuer of the corresponding autentication request shall use system credentials for authentication.
 +
 
 +
Extended Service implementations:
 +
# Service com.sun.star.task.PasswordContainer implementation has been extended to support interface com.sun.star.task.XUrlContainer. The new container can be used to access the persistent (-> confguration item) or runtime (-> memory) entries for the "system credentials" URLs.  
  
[[Specification_Template_Help#Configuration|Help]] | [[Configuration-Table|Configuration Table Template]]
 
  
 
== File Format ==
 
== File Format ==
<START TYPING HERE --- If this part is irrelevant state a reason for its absence.> [[Specification_Template_Help#File_Format|Help]]
+
n/a
 
+
[[Specification_Template_Help#File Format|Help]] | [[File Format Table|File Format Table Template]]
+
  
 
== Open Issues ==
 
== Open Issues ==
<State a bulleted list of issues Issue here>
+
# Not actually an issue, but the feature could greatly be enhanced by supporting more platforms and authentication schemes.
  
 
[[Category:Specification]]
 
[[Category:Specification]]

Revision as of 07:38, 9 September 2009

Use System Credentials for Web Site Authentication

Specification Status
Author Kai Sommerfeld
Last Change
Status (Help) Preliminary

Abstract

OOo is able to access resources (web sites, ftp sites, ...) which require authentication. For this, users have to provide username/password combination. This specification is about an enhancement for OOo that makes it possible (currently under some very certain circumstances) to use the system credentials of the currently active OOo user to authenticate for resource access.

References

Reference Document Check Location (URL)
Prerequisites [passed/failed] n/a
Product Requirement, RFE, Issue ID (required) [available/not available] i104767
Accessibility Check (required) See accessibility section for check list
Test case specification (required) [available/not available] <PLEASE ENTER LOCATION HERE>
IDL Specification [available/not available] <PLEASE ENTER LOCATION HERE>
Software Specification Rules n/a n/a
Other, e.g. references to related specs, Product Concept Document <PLEASE ENTER LOCATION HERE>

Contacts

Role Name E-Mail Address
Developer Kai Sommerfeld kso at openoffice dot org
Quality Assurance Thorsten Martens tm at openoffice dot org
Documentation Uwe Fischer ufi at openoffice dot org
User Experience Kai Sommerfeld kso at openoffice dot org

Acronyms and Abbreviations

Acronym / Abbreviation Definition
NTLM New Technology LAN Manager

Detailed Specification

The "Use System Credentials" feature is only available under certain circumstances:

  • Supported Platforms: Windows (2000, XP, Vista, 7)
  • Supported Protocols: HTTP, HTTPS (incl. WebDAV Extensions)
  • Supported HTTP Authentication Protocols: "NTLM", "Negotiate"

If all of the above requirements are fulfilled while OOo tries to connect to a restricted resource, additional functionality gets available in OOo Password Dialog:

@@@

The new checkbox "use system credentials" allows the user to specify that instead of entering a username/password combination the system credentials of the currently logged in OOo user shall be used to authenticate for the restricted resource. If the checkbox is checked the entry fields for username and password are disabled.

The checkbox "remember password" or "remember password until end of session" (according to settings in "Tools/Options/OOo/Security) can be used to specify that the decision to use system credentials for the resource shall be made persistent across OOo restart or only until OOo is quit.

In case the information is stored across OOo restart, the URLs of the respective resources can be managed using the "Stored Web Connection Information" dialog (Tools/Options/OOo/Security/Connections). This includes removal of entries. Please note that the button "change password" is disabled if a "system credentials entry" is selected. There is not username stored with this entry, thus it cannot be changed. To visualize that an entry is a "system credentials entry" the dialog displays an asterisk (*) instead of a username.

@@@

Accessibility

Accessibility is the responsibility of the I-Team, beginning with UX, DEV and QA, to ensure that the following requirements are fulfilled:

  1. Is the feature fully keyboard accessible?
    (Ex: "I can go everywhere and use every function using the keyboard only"

    Yes.
  2. Have I specified visual alternatives for the case that the specified feature includes audio as output?
    n/a
  3. Are text alternatives for all icons and graphics available?
    n/a
  4. Don't provide important information in colors alone
    (Ex: marking important information hard coded in red)

    Okay.
  5. Does the specified feature respect system settings for font, size, and color for all windows and user interface elements?
    Yes.
  6. Have I ensured that flash rates do not exceed 2 hertz for blinking text, objects, or other elements? In any case, try to avoid flashing UI elements
    n/a
  7. Ensure that assistive technology (AT) (like ZoomText or Orca) is able to read everything.
    Yes.

Migration

n/a

Configuration

The configuration schema org.openoffice.Office.Common, group "Passwords" has been extended.

<prop oor:name="AuthenticateUsingSystemCredentials" oor:type="oor:string-list">
    <info>
        <author>KSO</author>
        <desc>Contains a list of URLs that should be accessed using system credentials of the user.</desc>
    </info>
</prop>

UNO API

New Types:

  1. Interface com.sun.star.task.XUrlContainer : Storage for arbitrary URLs. Possibility to list, add, remove records. Records lifetime can be either 'persistent' or 'runtime'
  1. Interface com.sun.star.ucb.URLAuthenticationRequest : derived from com.sun.star.ucb.URLAuthenticationRequest; Possbility to specify a URL for the resource an authentication request is made for.
  1. Interface com.sun.star.ucb.XInteractionSupplyAuthentication2 : derived from com.sun.star.ucb.XInteractionSupplyAuthentication2; Possibility to specify whether the issuer of the corresponding autentication request shall use system credentials for authentication.

Extended Service implementations:

  1. Service com.sun.star.task.PasswordContainer implementation has been extended to support interface com.sun.star.task.XUrlContainer. The new container can be used to access the persistent (-> confguration item) or runtime (-> memory) entries for the "system credentials" URLs.


File Format

n/a

Open Issues

  1. Not actually an issue, but the feature could greatly be enhanced by supporting more platforms and authentication schemes.
Personal tools