[security-dev] PicketLink 3 IDM - Avoiding Knowledge of the IdentityStore
sbryzak at redhat.com
Sun Dec 2 18:13:04 EST 2012
On 12/01/2012 10:51 PM, Darran Lofthouse wrote:
> Working further with the API one thing that I notice is that is that
> although basic access to load IdentityTypes can be performed using the
> generic interfaces adding new identities seems to require a knowledge of
> the store to select the correct type.
> As an example from what I can see to add a user to the
> FileBasedIdentityStore I need to add a FileUser - is this correct or am
> I missing something?
This isn't correct; as long as you code to the interfaces the
IdentityStore should support it - if it doesn't then it's a bug. You
shouldn't require any specific knowledge about the IdentityStore
implementations, in fact it's preferable that the developer isn't even
aware of them (although this isn't possible because they actually need
to be configured).
> What I would hope to see is that a client of the API can be written to
> be completely independent of the IdentityStore so should the
> IdentityStore be switched the client would remain mostly unchanged.
This is exactly how it should work.
> Darran Lofthouse.
> security-dev mailing list
> security-dev at lists.jboss.org
More information about the security-dev