Hi Berend, and everyone else interested,
After performing some extra research on the subject, there is a little more involved for my goal then I assumed before (isn't it always like this;-)).
My Company will create a new web application (migrating an existing one) and make a move to the new web of things.
One of my primary concerns is security. I need the following aspects:
- Authentication of users;
- Authorisation for exchanging protected information by these users and external users/systems;
- Session management (log in/out, easy deployment of new versions by making it possible for an administrator to force logouts);
My investigations so for made me go for the following technologies:
- OpenId (for authentication and authorization)
- Oauth version 2 (for authorization of the protected resources)
- JWT as the token implementation
While I already created an abstract framework in Eiffel for some common software systems aspects (event driven interfaces (WUI, GUI, TUI, web api based on EWF), based on the theory of H18 in Touch of class, I am now thinking of implementing the above using this framework.
Ok, that's the way to go then, create native Eiffel libraries for this. In the upcoming weeks I will set up an environment for this and start stating my goals.
This will be my first open source contribution, so I will start with understanding the requirements of the EWF community and then put everything into place, if you have any pointers for this, please let me know?.
I will let you know when there is progress or when I have questions ;-). I hope I can count on your support.