The trust spi needs to support the mapping of one identity to another. SPENGO is an
example of a full authentication sequence, not a trust decision. When I think of a trust
spi, I'm thinking of having an identity/subject from one authentication domain and I
need to map it to the current domain. Currently you have to have the full authentication
info for the target domain. A trust spi allows one to query if and what the target domain
identity is without performing full reauthentication.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968441#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...