[security-dev] PicketLink SCIM Module

Shane Bryzak sbryzak at redhat.com
Tue May 21 04:22:06 EDT 2013


I've been reviewing the capabilities of the SCIM module (which are 
defined by the SCIM specification [1]) and someone correct me if I'm 
wrong, but it only seems to provide a subset of the features that we 
support in PicketLink.  Specifically missing are authentication, and 
support for the extended relationship types (basically everything 
besides group membership).  I'm wondering if it might be worth providing 
a PicketLink REST module instead, which would provide two sets of 
RESTful services; the first being a SCIM-compliant service, the second 
being a more proprietary service that exposes all of the capabilities of 
PicketLink.

On top of this, I think it would be of huge benefit to provide both Java 
and JavaScript clients to consume both services.  Anil has already 
implemented a Java-based SCIM client in the SCIM module, but imagine if 
we provided PicketLink JavaScript scripts that web application 
developers could drop into their app - this would be a huge development 
time saver.  I'm also thinking that the JavaScript clients should 
support a variety of authentication mechanisms; BASIC, DIGEST, X509, 
user/password, OAuth, etc.  This is kind of uncharted territory for me 
(REST-based auth) so any feedback or opinions on this would be appreciated.

Shane


[1] http://www.simplecloud.info/specs/draft-scim-api-01.html