Yuck is an identity provider that allows end users to securely authenticate themselves to web sites and applications. Yuck also allows users to authorize applications to act on their behalf. Yuck supports the OAuth2 and OpenID Connect protocols, and has an API to allow storing and managing data about end users, applications, and other entities related to authentication.
I've not tweaked the elevator pitch, but I've sketched the architecture document a little: https://files.liw.fi/yuck-arch/
Feedback is welcome.
@liw Authorization is happening at the application frontend and API clients?
It uses access tokens provided by the IDP after user authentication?
@lufthans The IDP keeps track of what each end user is allowed to do ("scopes" they're allowed to have), and embeds the scopes in the digitally signed access token. The RP implements access control checks based on scopes and other information in the token.
@liw so the IDP needs to know or discover objects and capabilities for granting access?
for instance, know that the bank statement exists and read-only is one permission that can be granted for that type of object?
@liw If you want grammar and typo suggestions/fixes, see below. If not, then ignore it :)
s/An IDP interacts/& with/
s/for security reasons/& there/
@lufthans Thanks, fixed.
@liw you're welcome