Skip to Main Content

Micro Services

Laboratory for Computer Science Research

Web Infrastructure

Managing access to an application and the various abilities of different users can be difficult. Initial configuration can be complex and hard to manage. Updating user permissions can require making changes in many different locations or even changes to underlying code. The LCSR User ID Platform aims to solve these issues by creating an easy-to-use, but extensible, platform for both authentication and authorization.

 

Authentication vs. Authorization

From https://www.onelogin.com…

Authentication (AuthN) is a process that verifies that someone or something is who they say they are. Technology systems typically use some form of authentication to secure access to an application or its data.

Authorization (AuthZ) is the security process that determines a user or service’s level of access. In technology, we use authorization to give users or services permission to access some data or perform a particular action.

Supplements information on the difference between authentication and authorization(img credit: Okta)

Components

The LCSR User ID platform is composed of several components that can be used in conjunction or isolation. Each component handles one of the above processes.

Authentication is managed by the LCSR Identity Services system. The system provides a simple API to log users in to apps via any backend provider. The system enables application developers to decouple themselves from the underlying provider. An application can take advantage of Central Authentication System (CAS) login, Google OAuth 2.0 login, and more.

For more information on the LCSR Identity Services system, seeĀ LCSR Identity Services.

Authorization is managed by the LCSR Authorization Services system. The system provides a clean API that allows application developers to request information about what an authenticated user can do within an application. These pieces of information, dubbed “policies”, are configured through a web UI that allows for easy modifications by technical or non-technical staff. Policies can be based on traits of a given user (e.g. if they’re a certain person or in a certain group) or data provided by external providers (e.g. if they’re a student of a given course).

For more information on the LCSR Authorization Services system, seeĀ LCSR Authorization Services.