[security-dev] Undertow IDM

Darran Lofthouse darran.lofthouse at jboss.com
Thu Apr 25 04:01:09 EDT 2013

Guys if you know I am working on a task can we please try and not start 
a discussion during my down time - you have managed to go off on a 
thread without even finding out the intention of the class in the first 

  * Firstly, why does Undertow have it's own IDM interface?

It is undesirable for the Undertow project to be bringing in 
dependencies on many different projects, an IDM provider being one of 

For this reason Undertow has defined an interface for it's IDM 
requirements, this effectively needs flagging as an spi but we have not 
been through the exercise of separating out api from spi.

  * Secondly, how can we use PicketLink IDM in Undertow.

PicketLink IDM is the whole reason for providing this interface, in the 
AS integration a wrapper should be provided to supply an implementation 
of this interface that delegates to PicketLink IDM.

Do not get caught up on the Digest side as that is not quite complete, 
although having said that I am not convinced the PicketLink 
representation is complete either to fully support all aspects of Digest 
plus stronger hashes but that is going to be a separate discussion.

This interface still needs to evolve further with the following 
priorities: -
  - Provide the data / verification required by authentication 
mechanisms within Undertow.
  - Make it easy to wrap PicketLink IDM.

For the latter point I don't believe we need a 1:1 mapping between the 
two but we do need to aim to be close.

Darran Lofthouse.

On 24/04/13 19:54, Anil Saldhana wrote:
> Hi all,
> https://github.com/undertow-io/undertow/tree/master/core/src/main/java/io/undertow/security/idm
> I am wondering how we can use PicketLink IDM in Undertow.
> Regards,
> Anil
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list