Authentication

urn:js:virtue:aspire:proposal:23.1

TL;DR

Authentication for ASPIRE applications is provided by an identity provider other than the application.

Rational

Users do not have separate passwords for separate Aspire services

Users are logged into services without typing passwords unless this is impossible, in which case they should by typing their standard windows password

When a user leaves and the primary domain account is disabled then the account is immediately disabled

When a user changes group then the privileges granted to that user change. Ideally this is immediate but a delay of a few hours may be acceptable for some applications.

It is not necessary to create or modify users in the Aspire services/applications.

Implications

None.