Server Authentication Context Lifecycle --------------------------------------- Key: ELY-36 URL: https://issues.jboss.org/browse/ELY-36 Project: WildFly Elytron Issue Type: Task Components: API / SPI Reporter: Darran Lofthouse Fix For: 1.1.0.CR2 The authentication context is used with a sequence of calls during the authentication process, this task is to look into how we can apply a lifecycle to that so that appropriate clean up can be performed. This could be closely related to ELY-35 which specifically looks at outcome notification. When considering a lifecycle I think we have two key events to think about, the most natural one being once the authentication process is complete regardless of outcome - however should also consider intermediate responses going back to the client - we do not want to be holding onto expensive resources once we pass control back to the client as that risks a Dos based attack.