Trac myVocs mod

Trac is an web interface to change control repositories and is used by myVocs to trac changes to key components of the project. Trac is the web tool you are currently looking at.

The changes involved for myVocs integration are primarily those required for Shibboleth integration. They typically go a little farther though in that they enforce a certain semantic perspective of identity and authorization in order to reflect who has control over these elements. Identity is the domain of responsibility of the identity provider and the service providers (web tools) cannot control identity. They simply accept it. This also means that they shouldn't expose traditional features such as alowing the user to override the identity assertion from the identity provider.

Trac supports web-server based authentication (AuthType Basic and Digest in Apache) out of the box. This means it is ready to accept whatever identity is communicated via the REMOTE_USER CGI environment variable. As a result the initial modifications to Trac have been light. The main change can be reviewed in changeset:7. They amount to changing the text of the Login and Logout functions to help clarify that the user typically doesn't login to a specific web tool. They simply change their authorization state, at the request of the user, as communicated by their identity provider according to policies at the web tool.

Additional changes will be likely, like not allowing the user to override the identity communicated by their currently active identity provider.