CADC User Authorization Model

The CADC User Authorization Model is a model for representing CADC users and groups. The model is used primarily in the GMS and Users Web services.

User Class Features

In the system, a user is uniquely identified by a Principal (in CADC's case that is the CadcPrincipal) but can have a number of other identities for different contexts:

• HttpPrincipal: Web user identity associated with Simple HHTP User Password access.
• X500Principal: X509 certificate identity.
• SShPubKeyPrincipal: An ssh key identity.
• CadcPrincipal: An identity used internally at the CADC.
• CookiePrincipal: Cookie based identity.
• OpenIdPrincipal: An OpenID identity.

Group Class Features

Groups represet associations of users. Members of groups can be groups of users or simple users. groupWrite and groupRead represent the groups that have read and read-and-write permissions to the current group.