|
|
Actions in the PEP system are subject to access control: to be able to do anything in PEP, users must be authorized to perform that action. Authorization is granted on the basis of previously acquired enrollment data. Enrollment, in turn, is performed on the basis of an OAuth token. And such OAuth tokens are (usually) issued on the basis of prior authentication.
|
|
|
|
|
|
This page describes the authentication and authorization mechanism in some detail. Users can ignore most of the complexity by using higher-level operations supported by PEP's API and by some of its client applications.
|
|
|
|
|
|
# Authentication
|
|
|
|
|
|
PEP does not provide its own user authentication mechanism. Instead users authenticate themselves to an external service, e.g. providing user name and password to an interactive logon (Web)page. Currently only the [SURFconext](https://www.surf.nl/en/surfconext-global-access-with-1-set-of-credentials) authentication service is supported.
|
... | ... | |