Summary

Single sign-on (SSO) refers to an end-user experience in which a single set of credentials (such as their Google or Facebook username and password) will sign them in to a variety of different services. Third-party authentication using standards such as OAuth is one way to achieve single sign-on: the requesting app can verify the identity of the user via an authentication provider, without the user revealing her credentials to the requesting app.

The cleanest way to factor out authentication in Rails apps is to abstract the concept of a session. When a user successfully authenticates (perhaps using a framework such as OmniAuth), a session is created by storing the authenticated user's id (primary key) in session[]. When she signs out, the session is destroyed by deleting that information from session[].

Use attr_protected and attr_accessible to identify model attributes that are "sensitive" and should be excluded from mass assignment via a hash, such as user ID information used for session management or authentication.

ELABORATION: SSO side effects

In some cases, using SSO enables other features as well; for example, Facebook Connect enables sites to take advantage of Facebook's social network, so that (for example) Bob can see which New York Times articles his friends have been reading once he authenticates himself to the New York Times using Facebook. While these appealing features further strengthen the case for using SSO rather than "rolling your own" authentication, they are separate from the basic concept of SSO, on which this discussion focuses.

Self-Check 5.2.1. Briefly describe how RottenPotatoes could let you log in with your Twitter ID without you having to reveal your Twitter password to RottenPotatoes.

RottenPotatoes redirects you to a page hosted by Twitter where you log in as usual. The redirect includes a URL to which Twitter posts back a message confirming that you've authenticated yourself and specifying what actions RottenPotatoes may take on your behalf as a Twitter user.

Self-Check 5.2.2. True or false: If you log in to RottenPotatoes using your Twitter ID, RottenPotatoes becomes capable of tweeting using your Twitter ID.

False: authentication is separate from permissions. Most third-party authentication providers, including Twitter, allow the requesting app to ask for permission to do specific things, and leave it up to the user to decide whether to allow it.

5.3 Associations and Foreign Keys

An association is a logical relationship between two types of entities in a software architecture. For example, we might add Review and Moviegoer classes to RottenPotatoes to allow individual users to write reviews of their favorite movies; we could do this by establishing a one-to-many association from reviews to movies (each review is about exactly one movie) and from reviews to moviegoers (each review is authored by exactly one moviegoer). Figure 5.11 shows these associations using one type of Unified Modeling Language (UML) diagram. We will see more examples of UML in Chapter 11.
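The two practices in the Summary above, keeping only the user's primary key in the session and whitelisting which attributes a form hash may set, are small enough to model in plain Ruby. The block below is an added example, not code from the book or from RottenPotatoes, and it does not use Rails: the session is an ordinary Hash standing in for session[], USERS is a constructed in-memory table standing in for a Moviegoer model, and the provider/uid fields are assumed to match what an OmniAuth callback would hand back. The sanitize_attributes helper plays the role of attr_accessible, dropping any key that is not on the whitelist so that a submitted form cannot overwrite provider, uid or admin.

```ruby
require 'set'

# Constructed in-memory user table (assumption: stands in for the Moviegoer
# model). :provider and :uid are the third-party identity fields that
# OmniAuth would confirm; :admin is a sensitive flag a form must never set.
USERS = {
  1 => { id: 1, provider: 'twitter', uid: '42', name: 'alice', admin: false },
  2 => { id: 2, provider: 'twitter', uid: '99', name: 'bob',   admin: true }
}.freeze

# Attributes a moviegoer may set through a submitted hash. Everything else
# (id, provider, uid, admin) is excluded, in the spirit of attr_accessible.
ACCESSIBLE_ATTRS = Set[:name].freeze

# Filter a submitted attribute hash down to the whitelist. Returns the
# sanitized hash and the rejected keys, so a controller could log the latter.
def sanitize_attributes(params)
  params   = params.transform_keys(&:to_sym)
  allowed  = params.select { |key, _| ACCESSIBLE_ATTRS.include?(key) }
  rejected = params.keys - allowed.keys
  [allowed, rejected]
end

# Apply only the whitelisted attributes; returns an updated copy of the record.
def update_user(user, params)
  allowed, _rejected = sanitize_attributes(params)
  user.merge(allowed)
end

# Called after the provider has confirmed the identity (the post-back step in
# Self-Check 5.2.1). Looks the user up by provider+uid and remembers only the
# primary key in the session; the provider credentials never reach this app.
def sign_in(session, auth_hash)
  user = USERS.values.find do |u|
    u[:provider] == auth_hash[:provider] && u[:uid] == auth_hash[:uid]
  end
  return nil unless user
  session[:user_id] = user[:id]
  user
end

# Resolve the session back to a user record, or nil when nobody is signed in.
def current_user(session)
  USERS[session[:user_id]]
end

# Destroy the session by deleting the stored id.
def sign_out(session)
  session.delete(:user_id)
  nil
end
```

Note that a successful sign-in gives the app nothing but a row id: whether the app may act on the user's behalf at the provider (Self-Check 5.2.2) is a separate permission grant that this code neither requests nor records.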