On 09/23/2011 11:34 AM, Bill Burke wrote:
> On 9/23/11 12:24 PM, Anil Saldhana wrote:
>> On 09/23/2011 09:02 AM, Bill Burke wrote:
>>> I want to talk about where app-developers want to store security metadata,
>>> how, and what the format is.
>>>
>>> I've already discussed a bit the types of information that need to
>>> be stored:
>>>
>>> - username/password
>>> - keypairs
>>> - JPG images
>>> - TOTP keys
>>> - nonces
>>> - Tokens
>> These will be attributes pertaining to a user and generated for a
>> user? So basically, we are looking at a simple identity store that has
>> Identity/Attributes mapping. Look at PicketLink IDM.
>>
>> http://anonsvn.jboss.org/repos/picketlink/idm/
>>
> Needs better integration with AS. From what I saw, it's a lot of
> configuration just to set it up.
I started the branch 2.0 for IDM just to get the simpler API in place
for use with AS. I have not worked on it for a few weeks as I have been
doing other things. I do suggest putting the store API in that project
so we can get it integrated into AS.
>>> Where do people store this information?
>>>
>>> - 3rd party IDP
>>> - 3rd party directory services (LDAP, ActiveDirectory)
>>> - config files within an app-deployment (WAR, EAR)
>>> - config files outside an app-deployment
>>> - a database
>>>
>> In real life, they typically store in an LDAP for fast read access.
>>
> Their own schemas, or do they map to ours?
>
Typically, they use custom LDAP schemas beyond what is defined by the LDAP
specs. If you have a lot of r/w operations on the store, it is better to
use a DB with transactions.
>>> What does the metadata look like?
>>>
>>> - JBoss defined schemas
>>> - Externally defined schemas (SAML, XACML, custom)
>>>
>>> How do they manage this metadata? Do our larger customers want to use
>>> non-JBoss identity management solutions? Would they use something we
>>> provided?
>> Currently mainly SAML and WS-Trust. They will use the PicketLink
>> Federation with SAML and WS-Trust capabilities, with custom adapters.