Provided by: dacs_1.4.28b-3ubuntu1_amd64 bug

NAME
       dacs_current_credentials - display DACS credentials


SYNOPSIS
       dacs_current_credentials [dacsoptions[1]]


DESCRIPTION
       This program is part of the DACS suite.

       The dacs_current_credentials web service provides information about the credentials that
       accompany the request and the identities described by those credentials. It can be used to
       determine whether credentials are valid, confirm who they belong to, find out which roles
       are associated with the credentials, and so on.

       If user activity[2] data is available, dacs_current_credentials can also return
       information for the identity associated with each valid set of credentials, including the
       time of the last sign on and a description of any sign-on that is still "active" (i.e.,
       has not expired and was not signed off). This information can be useful for detecting
       unauthorized account access, regardless of the authentication method used, and other
       potentially problematic activity.

       The FORMAT argument[3] determines the type of output, with the default being HTML, using
       the style sheet dacs_current_credentials.css[4]. If XML output is selected, a document
       conforming to dacs_current_credentials.dtd[5] is returned, which supplies additional
       information. The JSON format is also recognized. The previous_auth and active_auth
       elements appear only when user activity tracking data is accessible. The previous_auth
       element is empty if there are not two or more records of authentication activity for the
       associated identity. For a given identity, an active_auth element is present for each
       authentication event for which there is no corresponding sign off event, other than the
       most recent one, and for which the issued credentials have not expired - these are "active
       sessions". Reauthentication as the same identity does not create a sign off event,
       however, and signing off (e.g., via dacs_signout(8)[6]) does not necessarily mean that a
       user agent has destroyed credentials (though that is normally the case). Also, a user can
       unilaterally destroy credentials (e.g., by terminating a browser session or removing
       cookies manually), so not all active sessions necessarily exist.


OPTIONS
   Web Service Arguments
       dacs_current_credentials accepts the following arguments in addition to the standard CGI
       arguments[7].

       DETAIL
           If "yes", this optional argument requests additional information. It is recognized
           only in conjunction with XML format output. By default, this argument can only be used
           by a DACS administrator (see dacs_admin()[8]). The activity tracking information is
           returned only if detail is requested.


EXAMPLE
       After authenticating[9] as DSS::INFOCARDS:bob, invoke dacs_current_credentials (HTML)[10]
       to view the identity (or identities) stored as a cookie in your browser. Information about
       the credentials can also be returned as XML[11].


FILES
       dacs_current_credentials.css[4]


DIAGNOSTICS
       The program exits 0 if everything was fine, 1 if an error occurred.


SEE ALSO
       dacs_authenticate(8)[12], dacs_signout(8)[6]


AUTHOR
       Distributed Systems Software (www.dss.ca[13])


COPYING
       Copyright2003-2012 Distributed Systems Software. See the LICENSE[14] file that accompanies
       the distribution for licensing information.


NOTES
        1. dacsoptions
           http://dacs.dss.ca/man/dacs.1.html#dacsoptions

        2. user activity
           http://dacs.dss.ca/man/dacs.1.html#tracking_user_activity

        3. FORMAT argument
           http://dacs.dss.ca/man/dacs.services.8.html#FORMAT

        4. dacs_current_credentials.css
           http://dacs.dss.ca/man//css/dacs_current_credentials.css

        5. dacs_current_credentials.dtd
           http://dacs.dss.ca/man/../dtd-xsd/dacs_current_credentials.dtd

        6. dacs_signout(8)
           http://dacs.dss.ca/man/dacs_signout.8.html

        7. standard CGI arguments
           http://dacs.dss.ca/man/dacs.services.8.html#standard_cgi_args

        8. dacs_admin()
           http://dacs.dss.ca/man/dacs.exprs.5.html#dacs_admin

        9. authenticating
           https://dacs.dss.ca/infocard-demo/cgi-bin/dacs/dacs_authenticate?USERNAME=bob&PASSWORD=foozle&DACS_JURISDICTION=INFOCARDS&AUXILIARY=&DACS_BROWSER=1&COOKIE_SYNTAX=COOKIE_NETSCAPE

       10. invoke dacs_current_credentials (HTML)
           https://dacs.dss.ca/infocard-demo/cgi-bin/dacs/dacs_current_credentials?FORMAT=HTML

       11. returned as XML
           https://dacs.dss.ca/infocard-demo/cgi-bin/dacs/dacs_current_credentials?FORMAT=XML&DETAIL=yes

       12. dacs_authenticate(8)
           http://dacs.dss.ca/man/dacs_authenticate.8.html

       13. www.dss.ca
           http://www.dss.ca

       14. LICENSE
           http://dacs.dss.ca/man/../misc/LICENSE