I want to talk about where app-developers want to security metadata,
how, and what the format is.
I've already discussed a bit of the types of information that needs to
be stored:
- username/password
- keypairs
- JPG images
- TOTP keys
- nonces
- Tokens
Where do people stored this information?
- 3rd Party IDP
- 3rd party directory services (LDAP, ActiveDirectory)
- config files within an app-deployment (WAR, EAR)
- config files outside an app-deployment
- a database
What does the metadata look like?
- JBoss defined schemas
- Extenerally defined schemas (SAML, XACML, custom)
How do they manage this metadata? Do our larger customers want to use
non-JBoss identity management solutions? Would they use something we
provided?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com