<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
	CADC User Authorization Model
</title>
</head>

<body>

<div class="main">

<h1>CADC User Authorization Model</h1>

<p>The CADC User Authorization Model is a model for representing CADC users and groups. The model is used primarily in the GMS and Users Web services.
</p>

<a href="uml/UserAuth.png">  <img src="uml/UserAuth.png" alt="CADC User Authorization Model"></a>

<h2>User Class Features</h2>
<p>In the system, a user is uniquely identified by a Principal (in CADC's case that is the CadcPrincipal) but can have a number of other identities for different contexts:</p>
<ul>
    <li>HttpPrincipal: Web user identity associated with simple HTTP user/password access.</li>
    <li>X500Principal: X509 certificate identity.</li>
    <li>SShPubKeyPrincipal: An SSH key identity.</li>
    <li>CadcPrincipal: An identity used internally at the CADC.</li>
    <li>CookiePrincipal: Cookie-based identity.</li>
    <li>OpenIdPrincipal: An OpenID identity.</li>
</ul>

<h2>Group Class Features</h2>
<p>Groups represent associations of users. Members of a group can be individual users or other groups of users. groupRead and groupWrite represent the groups that have read and read-and-write permissions, respectively, on the current group.</p>
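<p>The following sketch is an added example, not code from the CADC services. It models the User and Group classes described above and shows how a request authenticated under any one of a user's identities resolves to group membership and to read or write permission on a group. The field names <code>user_members</code> and <code>group_members</code>, the transitive treatment of nested groups, and all sample values are assumptions made for illustration.</p>

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Principal:
    kind: str  # e.g. "CadcPrincipal", "HttpPrincipal", "X500Principal"
    name: str

@dataclass
class User:
    user_id: Principal                            # the uniquely identifying Principal
    identities: set = field(default_factory=set)  # other per-context identities

    def matches(self, p):
        return p == self.user_id or p in self.identities

@dataclass
class Group:
    name: str
    user_members: list = field(default_factory=list)   # assumed field name
    group_members: list = field(default_factory=list)  # assumed field name
    group_read: "Group | None" = None    # groupRead in the model
    group_write: "Group | None" = None   # groupWrite in the model

def is_member(principal, group, _seen=None):
    """True if principal maps to a user in group or in any nested member group."""
    seen = _seen if _seen is not None else set()
    if id(group) in seen:  # nested groups may form a cycle; visit each group once
        return False
    seen.add(id(group))
    if any(u.matches(principal) for u in group.user_members):
        return True
    return any(is_member(principal, g, seen) for g in group.group_members)

def can_read(principal, group):
    # groupWrite carries read-and-write permission, so it also grants read
    return any(g is not None and is_member(principal, g)
               for g in (group.group_read, group.group_write))

def can_write(principal, group):
    return group.group_write is not None and is_member(principal, group.group_write)

# Constructed sample data (not real CADC users or groups)
ALICE_DN = Principal("X500Principal", "CN=alice,OU=example,O=example")
alice = User(Principal("CadcPrincipal", "1001"), {Principal("HttpPrincipal", "alice"), ALICE_DN})
bob = User(Principal("CadcPrincipal", "1002"), {Principal("HttpPrincipal", "bob")})
staff = Group("staff", user_members=[alice])
admins = Group("admins", user_members=[bob])
readers = Group("readers", group_members=[staff])
staff.group_members.append(readers)  # deliberate cycle: staff <-> readers
project = Group("project", group_read=readers, group_write=admins)
```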

</div>

</body>
</html>