We have a frontend that users can log into. The next step in web login support is generating a launch document (http://tools.ietf.org/html/draft-hamrick-vwrap-launch) with a pre-authenticated login capability. This capability should route to a special login handler that ignores username/password and pulls identity information out of the saved capability state data.

Requires:

• Looking at how our capability router works
• A functional security check for capability routing (append an internal SWT to requests?)
• Add another login handler (bad) or a new hook into the existing login handler

We have unauthenticated launch documents working, just need the authenticated versions now. I'm thinking about simplifying the capability router by only supporting local capabilities (for now). Calls would be made with PHP reflection instead of libcurl which removes the need for a security check on the routed capabilities. This, plus a new hook in the login script and it should be possible to get this working.

moved to http://jira.openmv.org/browse/SIM-12