Idea #11453
Updated by Tom Morris about 7 years ago
Basic elements:
- a single login server which provides authentication for all clusters in the network
- a single user UUID is used across all nodes in the cluster.
API server needs two additional features:
1. Validate salted token by contacting origin cluster
2. As an origin cluster, validate a received token from a remote cluster
Validation requests return valid/invalid, UUID, username, email address, as well as a lifetime after which the token should be revalidated by the caller.
Draft: [[Federated identity]]
Migration process from local identity to network identity is separate