[JBoss JIRA] (ELY-178) Domain to domain identity propagation
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-178?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-178:
---------------------------------
Fix Version/s: 1.0.0.Alpha4
(was: 1.0.0.Alpha3)
> Domain to domain identity propagation
> -------------------------------------
>
> Key: ELY-178
> URL: https://issues.jboss.org/browse/ELY-178
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: Realms
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha4
>
>
> At the lowest level a users identity is associated with a single SecurityRealm, two accounts that authenticated against different realms will never be considered equal.
> However on top of this we have the security domains, a security domain amongst other things is an aggregation of realms. Incoming server connections and also applications can be associated with a security domain. However we still have the following two scenarios of a call to complete the consideration for: -
> Connection -> Deployment
> Deployment -> Deployment
> In the first case the connection may be associated with a security domain with a large set of realms, however the deployment may be associated with a smaller set of realms. In the case that the realm is in both of these domains we need the identity to be able to automatically propagate.
> Same for deployment to deployment calls, if there is a common realm the identity should propagate.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (ELY-176) HTTP AuthenticationMechanism Factory and Provider registration.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-176?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-176:
---------------------------------
Fix Version/s: 1.0.0.Alpha4
(was: 1.0.0.Alpha3)
> HTTP AuthenticationMechanism Factory and Provider registration.
> ---------------------------------------------------------------
>
> Key: ELY-176
> URL: https://issues.jboss.org/browse/ELY-176
> Project: WildFly Elytron
> Issue Type: Sub-task
> Components: HTTP
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha4
>
>
> We are for now going to need to be Undertow specific unless we come up with a solution for a generic API/SPI to be implemented by HTTP mechanisms that also gives access to the request / response.
> This task is to define a factory SPI and to make all known HTTP mechanisms available using this SPI.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (ELY-174) HTTP Authentication
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-174?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-174:
---------------------------------
Fix Version/s: 1.0.0.Alpha4
(was: 1.0.0.Alpha3)
> HTTP Authentication
> -------------------
>
> Key: ELY-174
> URL: https://issues.jboss.org/browse/ELY-174
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: HTTP
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha4
>
>
> So far we have been very focussed on the SASL side of authentication, similar capabilities are required for HTTP - the difference being that SASL is based on selecting one at a time, HTTP all mechanisms need to run concurrently.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months
[JBoss JIRA] (ELY-159) Discovery of available algorithms for credential types
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-159?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-159:
---------------------------------
Fix Version/s: 1.0.0.Alpha4
(was: 1.0.0.Alpha3)
> Discovery of available algorithms for credential types
> ------------------------------------------------------
>
> Key: ELY-159
> URL: https://issues.jboss.org/browse/ELY-159
> Project: WildFly Elytron
> Issue Type: Sub-task
> Components: API / SPI
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.0.0.Alpha4
>
>
> The overall purpose of the getCredentialSupport calls is so that we can discover information about the supported credentials as authentication mechanisms are offered - the algorithm for the digest is just as important as knowing the general type.
> May just be a part of ELY-151 or may be something in addition.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
8 years, 9 months