Mike 3.13.2012

  • Usual backups this morning
  • Read some CASPORT documentation at the site, looking at how to integrate more with it
  • Back at the mill making a PKI test project and new security library jar
  • Demo moved up to 1:30, we’ll first be giving a general demo of Visibility to a new group of people, then one to the planned group followed by some training on everything

My thoughts on PKI/CASPORT integration, step by step:

  1. A user connects to a flex application via HTTPS
  2. A servlet filter intercepts the request
  3. The filter gets the X509Cert and retrieves the user's details from CASPORT; if a cert is not found the session is rejected: the end
  4. The filter places the cert and user information on the session for later access
  5. When the flex app's creationComplete fires, the application asks the user service for the user
  6. The user service checks for information on the session:
    1. If not there, null is returned and a log in screen is displayed as it is now
    2. If it is found, the user service checks the database for a matching user
      1. User not found in DB: log in screen is displayed; upon successful log in the userDN is stored in the database for future use and no log in screen will be displayed again for that user
      2. User found in DB: user service returns the UserInfoObject and the log in screen is skipped

We will have to add a new unique column to the user table called ‘userDN’ which uniquely identifies each user. The value is provided by CASPORT when looking them up via their cert.

This scheme will allow us to continue using our existing user management scheme and not require wiping the user base; after logging in once, the system will use the PKI cert to log that user in from that point on.
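Below is an added sketch of steps 2 through 6 as a servlet filter plus the user service lookup. It is example code written for this note, not code from the PKI test project or the security library jar, and it assumes a hypothetical CasportClient interface and CasportUser record since the real CASPORT API is not described here. The one thing worth being strict about: the user's identity must come from the `javax.servlet.request.X509Certificate` attribute the container sets after TLS client authentication (so the chain has already been validated against the trust store), never from a request header or parameter that a client could set itself.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Assumed CASPORT client; the real lookup call is not documented in this note. */
interface CasportClient {
    /** Returns the user's record, or null when CASPORT has no entry for this cert. */
    CasportUser lookupByCertificate(X509Certificate cert);
}

/** Assumed shape of what CASPORT returns; userDN is the value stored in the new column. */
class CasportUser {
    final String userDN;
    CasportUser(String userDN) { this.userDN = userDN; }
}

/** Row from our own user table (step 6); only the field the lookup needs is shown. */
class UserInfoObject {
    final String userDN;
    UserInfoObject(String userDN) { this.userDN = userDN; }
}

public class PkiSessionFilter implements Filter {
    // Populated by the container only after a successful TLS client-cert handshake.
    static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    static final String SESSION_CERT = "pki.cert";
    static final String SESSION_USER = "pki.user";

    private final CasportClient casport;
    public PkiSessionFilter(CasportClient casport) { this.casport = casport; }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(true);

        // Already resolved earlier in this session: CASPORT is only consulted once per session,
        // so a cert revoked mid-session is caught at the next session start, not before.
        if (session.getAttribute(SESSION_USER) != null) {
            chain.doFilter(req, res);
            return;
        }

        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERT_ATTR);
        if (certs == null || certs.length == 0) {
            // Step 3: no client cert on the TLS session, reject and stop.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        X509Certificate leaf = certs[0]; // index 0 is the end-entity (user) certificate

        CasportUser user = casport.lookupByCertificate(leaf);
        if (user == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate not known to CASPORT");
            return;
        }

        // Step 4: keep the cert and the CASPORT record on the session for the user service.
        session.setAttribute(SESSION_CERT, leaf);
        session.setAttribute(SESSION_USER, user);
        chain.doFilter(req, res);
    }
}

/** Step 6: what the user service does when the flex app asks for the current user. */
class UserService {
    interface UserRepository { UserInfoObject findByUserDN(String userDN); }
    private final UserRepository repo;
    UserService(UserRepository repo) { this.repo = repo; }

    /** Null means "show the log in screen" (6.1 and 6.2.1); non-null skips it (6.2.2). */
    UserInfoObject currentUser(HttpSession session) {
        CasportUser pkiUser = (CasportUser) session.getAttribute(PkiSessionFilter.SESSION_USER);
        if (pkiUser == null) return null;           // 6.1: nothing on the session, log in as today
        return repo.findByUserDN(pkiUser.userDN);   // 6.2.1: null -> log in and bind DN; 6.2.2: found
    }
}
```

The binding step in 6.2.1 is the security-critical one: the password login that writes the userDN into the table is what ties a certificate to an existing account for good, so it should only ever happen on the same mutually-authenticated session that produced the DN, and the userDN column's unique constraint is what stops two accounts from being bound to one cert.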