| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| figures/ | 12-May-2024 | - | | |
| frameworks/kitsimpl/src/ | 12-May-2024 | - | 736 | 615 |
| interfaces/innerkits/ | 12-May-2024 | - | 3,838 | 2,918 |
| sa_profile/ | 12-May-2024 | - | 47 | 30 |
| services/ | 12-May-2024 | - | 2,482 | 2,006 |
| test/ | 12-May-2024 | - | 252 | 184 |
| utils/ | 12-May-2024 | - | 116 | 80 |
| LICENSE | 12-May-2024 | 9.9 KiB | 177 | 150 |
| OAT.xml | 12-May-2024 | 982 | 26 | 10 |
| README.md | 12-May-2024 | 2.8 KiB | 66 | 37 |
| README_ZH.md | 12-May-2024 | 2.7 KiB | 73 | 43 |
| bundle.json | 12-May-2024 | 2.9 KiB | 97 | 96 |
| userauth.gni | 12-May-2024 | 1 KiB | 31 | 21 |
README.md
# Unified User Authentication (userauth)

## Introduction

As a basic component of the User Identity & Access Management (IAM) subsystem, Unified User Authentication (userauth) implements unified user authentication and provides biometric feature authentication APIs to third-party applications.

**Figure 1** userauth architecture

<img src="figures/userauth_architecture.png" alt="userauth_architecture" style="zoom:80%;" />

The userauth APIs support user authentication of the target Authentication Trust Level (ATL). The target ATL is specified by the service. The target user ID can be specified by the service (system service or basic system application) or obtained from the system context (third-party application).

## Directory Structure

```undefined
//base/user_iam/user_auth
├── frameworks      # Framework code
├── interfaces      # Directory for storing external interfaces
│   └── innerkits   # Header files exposed to the internal subsystems
├── sa_profile      # Profile of the Service ability
├── services        # Implementation of the Service ability
├── test            # Directory for storing test code
├── utils           # Directory for storing utility code
├── bundle.json     # Component description file
└── userauth.gni    # Build configuration
```

## Usage

### Available APIs

**Table 1** APIs for unified user authentication

| API | Description |
| ------ | -------------------------------- |
| getAvailableStatus(authType : AuthType, authTrustLevel : AuthTrustLevel) : number; | Obtains the available authentication status. |
| auth(challenge: BigInt, authType : AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): BigInt; | Performs user authentication. |

### Usage Guidelines

- Vendors must implement the following in a Trusted Execution Environment (TEE):

  1. Authentication scheme: Determine the user authentication scheme based on the user credentials entered and the target ATL.
  2. Authentication result evaluation: Evaluate whether the authentication reaches the target ATL based on the authentication result returned by the executor.

- The APIs defined in the header file `common\interface\userauth_interface.h` in the [useriam_auth_executor_mgr](https://gitee.com/openharmony-sig/useriam_coauth) repository must be implemented in a TEE, and the security of the user authentication scheme and result evaluation must be ensured.

## Repositories Involved

[useriam_auth_executor_mgr](https://gitee.com/openharmony-sig/useriam_coauth)

[useriam_user_idm](https://gitee.com/openharmony-sig/useriam_useridm)

**[useriam_user_auth](https://gitee.com/openharmony-sig/useriam_userauth)**

[useriam_pin_auth](https://gitee.com/openharmony-sig/useriam_pinauth)

[useriam_faceauth](https://gitee.com/openharmony/useriam_faceauth)
README_ZH.md
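# Unified User Authentication

- [Introduction](#introduction)
- [Directory Structure](#directory-structure)
- [Usage](#usage)
  - [Available APIs](#available-apis)
  - [Usage Guidelines](#usage-guidelines)
- [Repositories Involved](#repositories-involved)

## Introduction

**Unified User Authentication** (userauth) is one of the basic components of the user IAM subsystem. It provides unified user identity authentication and opens biometric feature authentication APIs to third-party applications.

**Figure 1** Unified user authentication architecture

<img src="figures/统一用户认证架构图.png" alt="Unified user authentication architecture diagram" style="zoom:80%;" />

The user authentication APIs support authenticating a target user to the target Authentication Trust Level (ATL). The target ATL is specified by the service. The target user ID can be specified by the service (system service or basic system application) or obtained from the system context (third-party application).

## Directory Structure

```undefined
//base/user_iam/user_auth
├── frameworks      # Framework code
├── interfaces      # Directory for storing external interfaces
│   └── innerkits   # Header files exposed to internal subsystems, for use by system services
├── sa_profile      # Service Ability profile
├── services        # Service Ability implementation
├── test            # Directory for storing test code
├── utils           # Directory for storing utility code
├── bundle.json     # Component description file
└── userauth.gni    # Build configuration
```

## Usage

### Available APIs

**Table 1** Unified user authentication APIs

| API | Description |
| ------ | -------------------------------- |
| getAvailableStatus(authType : AuthType, authTrustLevel : AuthTrustLevel) : number; | Checks whether the target authentication type is supported at the specified ATL. |
| auth(challenge: BigInt, authType : AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): BigInt; | Performs user authentication with the specified ATL and authentication type. |

### Usage Guidelines

- When integrating with the unified user authentication framework, vendors must implement the following two functions in a Trusted Execution Environment (TEE):

  1. Authentication scheme generation: Decide the user authentication scheme based on the authentication credentials enrolled by the target user and the target authentication security level.
  2. Authentication result evaluation: Evaluate whether the target authentication security level is reached, based on the authentication result returned by the executor.

- The interfaces defined in the header file `common\interface\userauth_interface.h` in the [useriam_auth_executor_mgr](https://gitee.com/openharmony-sig/useriam_coauth) repository must be implemented inside the TEE, to ensure the security of the authentication scheme decision and result evaluation processes.

## Repositories Involved

[useriam_auth_executor_mgr](https://gitee.com/openharmony/useriam_auth_executor_mgr)

[useriam_user_idm](https://gitee.com/openharmony/useriam_user_idm)

**[useriam_user_auth](https://gitee.com/openharmony/useriam_user_auth)**

[useriam_pin_auth](https://gitee.com/openharmony/useriam_pin_auth)

[useriam_faceauth](https://gitee.com/openharmony/useriam_faceauth)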