{ "info": { "author": "Edwin Bahrami Balani", "author_email": "eb677@srcf.net", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3", "Topic :: Internet :: WWW/HTTP", "Topic :: Security", "Topic :: Software Development :: Libraries", "Topic :: System :: Systems Administration :: Authentication/Directory" ], "description": "============================================\nucam-wls: a Raven-like login service library\n============================================\n\n`Documentation <#>`_ [todo] |\n`PyPI <#>`_ [todo] |\n`GitHub `_\n\n``ucam-wls`` is a Python library to implement the *web login service* (WLS)\ncomponent of the 'Ucam-WebAuth' (or 'WAA2WLS') protocol, which is used\nprimarily at the University of Cambridge as part of the `Raven authentication\nservice`_.\n\n-------------------------------------------------------------------------------\n\n\nIntroduction\n------------\n\nThere are many implementations of the 'web authentication agent' (WAA) part of\nUcam-WebAuth. These are run by the party that is requesting a user's identity,\nand they exist already for various platforms, applications and languages.\n\nExamples include:\n\n- the officially-supported `mod_ucam_webauth`_ module for Apache Web Server,\n which is very popular (at least within Cambridge University)\n- `ucam-webauth-php`_, also published by the University but \"not (officially)\n supported\"\n- Daniel Richman's `python-ucam-webauth`_\n- `django-ucamwebauth`_, which is written and maintained by a team within the\n University\n\n(More are listed on the `Raven project page`_.)\n\nHowever, no known implementations of the WLS component (which authenticates\nusers against known credentials) exist, apart from the official Raven\n`production`_ and `test/demo`_ servers.\n\n``ucam-wls`` is a first attempt at a solution for developing your own WLS. It\nis intended to be easily integrated into a custom or in-house application to\nprovide the full authentication service.\n\n.. _Ucam-WebAuth: https://raven.cam.ac.uk/project/waa2wls-protocol.txt\n.. _Raven authentication service: https://raven.cam.ac.uk/project/\n.. _Raven project page: https://raven.cam.ac.uk/project/\n.. _mod_ucam_webauth: https://github.com/cambridgeuniversity/mod_ucam_webauth\n.. _ucam-webauth-php: https://github.com/cambridgeuniversity/ucam-webauth-php\n.. _python-ucam-webauth: https://github.com/DanielRichman/python-ucam-webauth\n.. _django-ucamwebauth: https://github.com/uisautomation/django-ucamwebauth\n.. _production: https://raven.cam.ac.uk/\n.. _test/demo: https://demo.raven.cam.ac.uk/\n\n\nPotential applications\n----------------------\n\nAn **internal single sign-on** service:\n\n- Useful for systems with in-house user account bases: internal webapps avoid\n reinventing the wheel by using battle-tested WAA implementations.\n- Easier to develop an internal login system in this way: half the work (the\n WAA side) is already done.\n- Internal webapps no longer need to roll their own authentication\n systems/databases, and access to passwords can be kept in a centralised\n location.\n- *Sounds a lot like the Raven service*, but webapps can authenticate against\n an entirely different user database.\n\n**Two-headed** login service:\n\n- Users can authenticate using either locally-administered credentials, or by\n being 'referred' to Raven (where the WLS redirects the client browser to\n Raven using the same request parameters).\n- Integrates authentication of local guest, external or special (e.g.\n administrator) accounts with that of mainstream Raven users, creating\n a unified login process regardless of the 'source' of the user's identity.\n- Similar to local *vs.* Raven login options on many websites and CMSes, but\n can be managed institution-wide rather than having to maintain decoupled sets\n of passwords on each installation of WordPress, Drupal, *etc.*\n\nThe above two use-cases essentially offer the same benefits that Raven does,\nbut with the added advantage that users don't need a Raven account to benefit\n(*e.g.* guests, external researchers, former staff/alumni). Alternatively, if\nthey do have a Raven account, they can be given the option of using Raven or\nlocal credentials.\n\nThe next use-case is different...\n\n**Stricter authentication requirements** than what Raven provides:\n\n- Useful for sensitive applications\n- Require both a username/password (possibly from either Raven or local\n credentials; see above) as well as multi-factor authentication methods such\n as a one-time password (OTP).\n- OTP secrets can be kept and managed centrally; the webapp never sees them or\n the OTP responses.\n\n\nExample WLS implementation\n--------------------------\n\nA simple implementation of a WLS using this library, and similar in nature to\nthe `Raven demo server`_, is available in the `wls-demo`_ repository.\n\n.. _Raven demo server: https://demo.raven.cam.ac.uk/\n.. _wls-demo: https://github.com/edwinbalani/wls-demo\n\n\nContributing\n------------\n\nThere is a long **to-do list** on this project. It includes:\n\n* Writing unit tests\n* Refining documentation of the public API, and getting a Read the Docs site\n going.\n* Providing an example implementation of a WLS using the library (possibly in\n another repository, or bundled into the ``ucam-wls`` Python package).\n **Importantly**, the Raven demo key (with key ID 901), with its publicly\n disclosed private key, should be used to signify that no useful\n authentication information is provided.\n\nIf you are keen to help out on any of the above (or indeed anything else), then\nplease fork, commit and submit a pull request! Maybe `get in touch\n`_ too :)\n\n\nA warning\n---------\n\n``ucam-wls`` is currently **experimental, pre-alpha quality software**. It has\nnot been tested heavily (yet), and no guarantees can be made regarding its\nsecurity or robustness.\n\nFor example, while the library attempts to make *some* checks on input\narguments (regarding types, values, validity *etc.*), it is still definitely\npossible to produce bogus responses that will confuse WAAs. (However,\n``ucam-wls`` is a library, and there is some level of expectation that\napplication developers will interface with it properly!)\n\n\nWhat this library does and doesn't do\n-------------------------------------\n\n``ucam-wls`` is a *library*, not a complete solution. Accordingly, it will:\n\n* Provide a **high-level interface** to a protocol-compliant implementation of\n a WLS.\n* Accept authentication requests as URL **query strings**, a Python\n **dictionary** of parameters, or as **keyword arguments** to a class\n constructor function.\n* Generate signed authentication responses with the appropriate status code,\n using a provided RSA private key.\n\nBut ``ucam-wls`` *won't*:\n\n* Run a fully-blown authentication server that checks usernames/passwords.\n* Serve a web interface for users to authenticate. (See `wls-demo`_ for an\n example of this.)\n* Manage your RSA private keys for you.\n\n\nLinks\n-----\n\n- `WAA2WLS protocol definition `_\n- `Raven project pages `_\n- `Raven wiki `_. Contains lots of newer\n information on Raven support, WAA implementations, *etc.*\n\n\nCredits and copyright\n---------------------\n\n``ucam-wls`` is authored by `Edwin Balani `_,\nand released under the terms of the MIT License.\n\nThe Ucam-WebAuth/WAA2WLS protocol was designed by `Jon Warbrick\n`_.\n\n\n", "description_content_type": "text/x-rst", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/edwinbalani/ucam-wls", "keywords": "cambridge university raven login authentication waa2wls ucam webauth ucam-webauth wls", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "ucam-wls", "package_url": "https://pypi.org/project/ucam-wls/", "platform": "", "project_url": "https://pypi.org/project/ucam-wls/", "project_urls": { "Homepage": "https://github.com/edwinbalani/ucam-wls" }, "release_url": "https://pypi.org/project/ucam-wls/0.0.2/", "requires_dist": [ "cryptography" ], "requires_python": ">=3", "summary": "A web login service library for the Ucam-WebAuth (WAA2WLS) protocol", "version": "0.0.2" }, "last_serial": 5269161, "releases": { "0.0.2": [ { "comment_text": "", "digests": { "md5": "5f4908c4c676bc00f90d5273f307eca2", "sha256": "3c090f7340db6136b6dfa08580915e1a4519d6b357461518f6870f3ce4b79587" }, "downloads": -1, "filename": "ucam_wls-0.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "5f4908c4c676bc00f90d5273f307eca2", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3", "size": 13071, "upload_time": "2019-05-14T19:52:34", "url": "https://files.pythonhosted.org/packages/a1/eb/ca75ad782c5fb1af96f0cb24565aac69c32b56b7f814c97c7b330b766aeb/ucam_wls-0.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "b35af1d6b2478c8f53f37f09637981d7", "sha256": "62fa4524f33a2de5c51e92ac4e774efb3564db59371321958b4ac0fceee261f7" }, "downloads": -1, "filename": "ucam-wls-0.0.2.tar.gz", "has_sig": false, "md5_digest": "b35af1d6b2478c8f53f37f09637981d7", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3", "size": 13914, "upload_time": "2019-05-14T19:52:46", "url": "https://files.pythonhosted.org/packages/63/e9/cbfe9e12a752eadaaacac06b9e49adbf7aa95e3d24edf3cdd43dc746c9b4/ucam-wls-0.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "5f4908c4c676bc00f90d5273f307eca2", "sha256": "3c090f7340db6136b6dfa08580915e1a4519d6b357461518f6870f3ce4b79587" }, "downloads": -1, "filename": "ucam_wls-0.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "5f4908c4c676bc00f90d5273f307eca2", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3", "size": 13071, "upload_time": "2019-05-14T19:52:34", "url": "https://files.pythonhosted.org/packages/a1/eb/ca75ad782c5fb1af96f0cb24565aac69c32b56b7f814c97c7b330b766aeb/ucam_wls-0.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "b35af1d6b2478c8f53f37f09637981d7", "sha256": "62fa4524f33a2de5c51e92ac4e774efb3564db59371321958b4ac0fceee261f7" }, "downloads": -1, "filename": "ucam-wls-0.0.2.tar.gz", "has_sig": false, "md5_digest": "b35af1d6b2478c8f53f37f09637981d7", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3", "size": 13914, "upload_time": "2019-05-14T19:52:46", "url": "https://files.pythonhosted.org/packages/63/e9/cbfe9e12a752eadaaacac06b9e49adbf7aa95e3d24edf3cdd43dc746c9b4/ucam-wls-0.0.2.tar.gz" } ] }