[security-dev] Undertow IDM

Darran Lofthouse darran.lofthouse at jboss.com
Fri Apr 26 04:01:01 EDT 2013

On 25/04/13 14:48, Anil Saldhana wrote:
> I am not questioning anything.  All I am trying to see how do we get
> PicketLink
> being able to run on Undertow because when we release PL3 in June, it should
> be Undertow ready. :)

Hello Anil - my concern about this thread is we have numerous engineers 
discussing how to integrate an aspect of an API that is already planned 
to be modified ;-)

As I said in my reply above, I will get some articles up clarifying the 
current situation and then we can build from those.

> On 04/25/2013 03:01 AM, Darran Lofthouse wrote:
>> Guys if you know I am working on a task can we please try and not start
>> a discussion during my down time - you have managed to go off on a
>> thread without even finding out the intention of the class in the first
>> place.
>>     * Firstly, why does Undertow have it's own IDM interface?
>> It is undesirable for the Undertow project to be bringing in
>> dependencies on many different projects, an IDM provider being one of
>> them.
>> For this reason Undertow has defined an interface for it's IDM
>> requirements, this effectively needs flagging as an spi but we have not
>> been through the exercise of separating out api from spi.
>>     * Secondly, how can we use PicketLink IDM in Undertow.
>> PicketLink IDM is the whole reason for providing this interface, in the
>> AS integration a wrapper should be provided to supply an implementation
>> of this interface that delegates to PicketLink IDM.
>> Do not get caught up on the Digest side as that is not quite complete,
>> although having said that I am not convinced the PicketLink
>> representation is complete either to fully support all aspects of Digest
>> plus stronger hashes but that is going to be a separate discussion.
>> This interface still needs to evolve further with the following
>> priorities: -
>>     - Provide the data / verification required by authentication
>> mechanisms within Undertow.
>>     - Make it easy to wrap PicketLink IDM.
>> For the latter point I don't believe we need a 1:1 mapping between the
>> two but we do need to aim to be close.
>> Regards,
>> Darran Lofthouse.
>> On 24/04/13 19:54, Anil Saldhana wrote:
>>> Hi all,
>>> https://github.com/undertow-io/undertow/tree/master/core/src/main/java/io/undertow/security/idm
>>> I am wondering how we can use PicketLink IDM in Undertow.
>>> Regards,
>>> Anil
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list