Darran Lofthouse [http://community.jboss.org/people/dlofthouse] modified the document: "Management API Security Transport Authentication" To view the document, visit: http://community.jboss.org/docs/DOC-16587 -------------------------------------------------------------- h1. Transport Authentication At the transport level we will support the following mechanisms for establishing and verifying the identity of the client connecting to the server. || *Native (SASL)* || *HTTP* || | +Plain *+ | Basic | | Digest_MD5 | Digest | | GSSAPI | SPNEGO | | +External *+ | Client Cert | * Not supplied by the JDK, maybe we will provide a provider. h5. Notes The Native connection is using Remoting 3 so will make use of the JDK supplied SASL implementation. Support for Plain / Basic although should be avoided if Digest_MD5 / Digest can be used will be provided for scenarios where pass through of both username and password to back end user database is required. A single transport will be required to support multiple mechanisms e.g. The Native API may need to use External authentication for hosts but Digest_MD5 for connections from administrators. h3. Reference SASL and SASL External - http://datatracker.ietf.org/doc/rfc4422/ http://datatracker.ietf.org/doc/rfc4422/ SASL Plain - http://datatracker.ietf.org/doc/rfc4616/ http://datatracker.ietf.org/doc/rfc4616/ SASL Digest_MD5 - http://datatracker.ietf.org/doc/rfc2831/ http://datatracker.ietf.org/doc/rfc2831/ SASL GSSAPI - http://datatracker.ietf.org/doc/rfc4752/ http://datatracker.ietf.org/doc/rfc4752/ Java SASL Documentation - http://download.oracle.com/javase/6/docs/technotes/guides/security/sasl/s... http://download.oracle.com/javase/6/docs/technotes/guides/security/sasl/s... HTTP Basic and Digest - http://datatracker.ietf.org/doc/rfc2617/ http://datatracker.ietf.org/doc/rfc2617/ HTTP SPNEGO - http://datatracker.ietf.org/doc/rfc4559/ http://datatracker.ietf.org/doc/rfc4559/ Java Secure Programming and SSO - http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/l... http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/l... -------------------------------------------------------------- Comment by going to Community [http://community.jboss.org/docs/DOC-16587] Create a new document in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=102&am...]