On 09/23/2011 09:02 AM, Bill Burke wrote:
> I want to talk about where app-developers want to store security metadata,
> how, and what the format is.
> I've already discussed a bit the types of information that need to
> be stored:
> - username/password
> - keypairs
> - JPG images
> - TOTP keys
> - nonces
> - Tokens
These will be attributes pertaining to a user and generated for a
user? So basically, we are looking at a simple identity store that has
Identity/Attributes mapping. Look at PicketLink IDM.
http://anonsvn.jboss.org/repos/picketlink/idm/
> Where do people store this information?
> - 3rd Party IDP
> - 3rd party directory services (LDAP, ActiveDirectory)
> - config files within an app-deployment (WAR, EAR)
> - config files outside an app-deployment
> - a database
In real life, they typically store in an LDAP for fast read access.
> What does the metadata look like?
> - JBoss defined schemas
> - Externally defined schemas (SAML, XACML, custom)
> How do they manage this metadata? Do our larger customers want to use
> non-JBoss identity management solutions? Would they use something we
> provided?
Currently mainly SAML and WS-Trust. They will use the PicketLink
Federation with SAML and WS-Trust capabilities, with custom adapters.