[security-dev] PicketLink 3 IDM - Avoiding Knowledge of the IdentityStore

Shane Bryzak sbryzak at redhat.com
Sun Dec 2 18:13:04 EST 2012


On 12/01/2012 10:51 PM, Darran Lofthouse wrote:
> Working further with the API one thing that I notice is that
> although basic access to load IdentityTypes can be performed using the
> generic interfaces adding new identities seems to require a knowledge of
> the store to select the correct type.
>
> As an example from what I can see to add a user to the
> FileBasedIdentityStore I need to add a FileUser - is this correct or am
> I missing something?

This isn't correct; as long as you code to the interfaces the 
IdentityStore should support it - if it doesn't then it's a bug. You 
shouldn't require any specific knowledge about the IdentityStore 
implementations, in fact it's preferable that the developer isn't even 
aware of them (although this isn't possible because they actually need 
to be configured).

>
> What I would hope to see is that a client of the API can be written to
> be completely independent of the IdentityStore so should the
> IdentityStore be switched the client would remain mostly unchanged.

This is exactly how it should work.

>
> Regards,
> Darran Lofthouse.


