[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext

Wednesday, 30 August 2006

&quot;scott.stark(a)jboss.org&quot; wrote : 
  | We need to workout the trust usecase workflows to define the spi. I don't think
its best embeded in the authentication call, but I"m not sure. How would 196 deal
with a saml identity assertion?
  | 

JSR-196 does not handle it now explicitly.  There is support via:
a) Access to the Http Request (means access to the SAML Token). The server runtime can do
back-door communication via SOAP with a Identity Server for the additional attributes
associated with the saml identity.
b) Server Runtime can hold state such that there is back and forth communication with the
client runtime. Similar to the SPNEGO requirements.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968424#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext