Moving on to the concept of JBossSubject, an end result of authentication, we have many
variations of Subjects to consider:
a) JAAS Subject
b) SAML Subject
c) WS-Trust Security Token (that contains claims about a trusted identity like name etc.)
d) XACML Subject
e) Custom subject
Of these, the structures of JAAS, SAML and XACML are well defined. The WS-T security token is
open-ended with scope for custom tokens.
I am thinking that JBossSubject should be a composition of these subjects, rather than a
union of constituents of these individual subjects.
My Choice:
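| import java.util.ArrayList;
| import java.util.List;
|
| public class JBossSubject
| {
|    // Each subject (JAAS, SAML, XACML, security token, custom) is kept as-is
|    List<Object> theSubjects = new ArrayList<Object>();
|
|    public <T> void addSubject(T subject)
|    {
|       theSubjects.add(subject);
|    }
| }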
A particular case I have in mind is when an authenticated subject has multiple identities
(a JAAS subject, SAML subject, a security token etc.) and the authorization layer can make
a decision based on some configuration, in the presence of multiple subject types for a
particular identity.
For the record, a WS-Trust security token can be SAML, X.509, username/pwd or custom.
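The multiple-identity case described in the post, as an added example that is not part of the original post or of JBoss code: a composed subject keeps each subject type untouched, and the authorization layer picks one by a configured preference order, denying when none of the configured types is present. `CompositeSubject`, `SamlSubject`, `getSubject` and `selectForAuthorization` are hypothetical names; only `javax.security.auth.Subject` is a real JAAS class.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;

public class CompositeSubjectDemo {
    // Hypothetical stand-in for a SAML subject; a real one would come from a SAML library.
    static final class SamlSubject {
        final String nameId;
        SamlSubject(String nameId) { this.nameId = nameId; }
    }

    // Composition: each subject is stored untouched, never merged into a common shape.
    static final class CompositeSubject {
        private final List<Object> subjects = new ArrayList<>();
        <T> void addSubject(T subject) { subjects.add(subject); }
        // Type-safe lookup (an assumption; the post only proposes addSubject).
        <T> T getSubject(Class<T> type) {
            for (Object s : subjects) if (type.isInstance(s)) return type.cast(s);
            return null;
        }
    }

    // Returns the first configured subject type that is present; null means deny (fail closed).
    static Object selectForAuthorization(CompositeSubject cs, List<Class<?>> preference) {
        for (Class<?> type : preference) {
            Object s = cs.getSubject(type);
            if (s != null) return s;
        }
        return null;
    }

    public static void main(String[] args) {
        Subject jaas = new Subject();
        jaas.getPrincipals().add(new Principal() {
            public String getName() { return "alice"; }          // constructed sample identity
        });
        CompositeSubject cs = new CompositeSubject();
        cs.addSubject(jaas);
        cs.addSubject(new SamlSubject("alice@example.org"));     // constructed sample value

        // Configuration prefers the SAML subject, then falls back to JAAS.
        List<Class<?>> pref = Arrays.<Class<?>>asList(SamlSubject.class, Subject.class);
        System.out.println(selectForAuthorization(cs, pref).getClass().getSimpleName());
        // A configured type the identity lacks yields no subject, so the caller denies.
        System.out.println(selectForAuthorization(cs, Arrays.<Class<?>>asList(String.class)));
    }
}
```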