On 9/23/11 12:24 PM, Anil Saldhana wrote:
On 09/23/2011 09:02 AM, Bill Burke wrote:
> I want to talk about where app-developers want to security metadata,
> how, and what the format is.
>
> I've already discussed a bit of the types of information that needs to
> be stored:
>
> - username/password
> - keypairs
> - JPG images
> - TOTP keys
> - nonces
> - Tokens
These will be attributes pertaining to a user and generated for a
user? So basically, we are looking at a simple identity store that has
an Identity/Attributes mapping. Look at picketlink IDM.
http://anonsvn.jboss.org/repos/picketlink/idm/
Needs better integration with AS. From what I saw, it's a lot of
configuration just to set it up.
> Where do people store this information?
>
> - 3rd Party IDP
> - 3rd party directory services (LDAP, ActiveDirectory)
> - config files within an app-deployment (WAR, EAR)
> - config files outside an app-deployment
> - a database
>
In real life, they typically store it in an LDAP for fast read access.
Their own schemas, or do they map to ours?
> What does the metadata look like?
>
> - JBoss defined schemas
> - Externally defined schemas (SAML, XACML, custom)
>
> How do they manage this metadata? Do our larger customers want to use
> non-JBoss identity management solutions? Would they use something we
> provided?
Currently mainly SAML and WS-Trust. They will use the PicketLink
Federation with saml and ws-trust capabilities, with custom adapters.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com