<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 27/09/12 05:24, Jason Porter wrote:<br>
</div>
<blockquote
cite="mid:CAF9TksPPvLDmPcTEQObJrXq59ad=O=24RSj7gv-+=Sg0c4gUug@mail.gmail.com"
type="cite">Hey all,
<div><br>
</div>
<div>I'm going through the API again as I've seen some changes
since I last went through it. I may be the only one in this
boat, but I feel like this interface is starting to become too
crowded. Should some of the methods be moved over to their
respective objects (Identity, User, Role, Group, etc)? Should we
split things off into a different interface? I'm also becoming
concerned with the password and certificate methods on there.</div>
</blockquote>
<br>
It does look like some new methods have crept in. Which methods
would you suggest moving over? The identity model objects are
designed to be lightweight and non-relational. <br>
<br>
<blockquote
cite="mid:CAF9TksPPvLDmPcTEQObJrXq59ad=O=24RSj7gv-+=Sg0c4gUug@mail.gmail.com"
type="cite">
<div><br>
</div>
<div>It seems to me these are essentially authentication
challenges. Eventually I'm sure we'll add more like OAuth or
OpenId, two-factor auth, etc. Will each of these be their own
methods? Could it be a configuration option to build up a chain
of authentication challenge providers? I had initially thought
of a challenge object which would allow input and provide a
simple response: pass, fail, move to next challenge. Maybe
that's too broad or a bad idea, I don't really know, just
throwing out ideas.</div>
</blockquote>
<br>
I agree with the concern over certificate methods being there, we
originally just had password methods to cover the 90% use case. If
we're going to start managing other forms of credentials, we should
look at abstracting out all credential management.<br>
<br>
<blockquote
cite="mid:CAF9TksPPvLDmPcTEQObJrXq59ad=O=24RSj7gv-+=Sg0c4gUug@mail.gmail.com"
type="cite">
<div><br>
</div>
<div>Just looking to make this easy to use and make sure it makes
sense to users (who I think would be coming from a Java EE
background).<br clear="all">
<div><br>
</div>
-- <br>
Jason Porter<br>
<a moz-do-not-send="true"
href="http://lightguard-jp.blogspot.com" target="_blank">http://lightguard-jp.blogspot.com</a><br>
<a moz-do-not-send="true" href="http://twitter.com/lightguardjp"
target="_blank">http://twitter.com/lightguardjp</a><br>
<br>
Software Engineer<br>
Open Source Advocate<br>
Author of Seam Catch - Next Generation Java Exception Handling<br>
<br>
PGP key id: 926CCFF5<br>
PGP key available at: <a moz-do-not-send="true"
href="http://keyserver.net" target="_blank">keyserver.net</a>,
<a moz-do-not-send="true" href="http://pgp.mit.edu"
target="_blank">pgp.mit.edu</a><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
security-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>