Authorisation & authentication - akvo/akvo-core-services GitHub Wiki

####Requirements

• Singe user ID across Akvo services
• Fine-grained roles & permissions
• Both action-based and domain-based: limit a user to delete surveys, or access a particular survey group
• OAuth, OpenId enabled
• Administrator control of login
• could be used for external purposes as well
• support 2 factor authentication, or possibly use something like YubiKey
• a user registers, and then is given rights by an Admin

####Possible candidates

• JAAS
• Shiro (clojure wrapper: https://github.com/inventiLT/Pocheshiro)
• ForgeRock
• Shibolet
• SAML
• ODRL