[security-dev] Credentials API redesign

Bill Burke bburke at redhat.com
Thu Dec 6 10:40:48 EST 2012

On 12/6/2012 10:37 AM, Anil Saldhana wrote:
> On 12/06/2012 09:00 AM, Darran Lofthouse wrote:
>> I can see that there are cases where we know the User so it is desirable
>> to supply it but there are still the cases where we don't know the user
>> until after the credential has been verified.
> This actually is valid when integrating with proprietary 3rd party
> security systems.
> Assume a proprietary token coming into the authentication system and
> the auth system needs to pass this to the 3rd party system for
> deciphering and authentication. Once the 3rd party system validates and
> releases the user details, the auth system can perform its security
> context initialization etc.  This has been seen in the domain of the App
> Server with 3rd party sec systems.

This is protocol specific and should not be handled by the IDM API.


Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list