[PicketBox 5] - Authentication API
by Pedro Igor Silva
Hi All,
I would like to know your opinion about the authentication API that is being used by PicketBox 5.You can check an initial documentation here: https://docs.jboss.org/author/display/SECURITY/PicketBox+Authentication+API.
We are considering some requirements during the construction of this API. They are as follows:
- Easy-to-use and fast to get started;
- Flexible architecture providing ways to use different mechanisms like Username/Password, Digest, …
[View More]Certificates, SASL, etc;
- Unified authentication API. Although you can use different mechanisms, the API usage is the same;
- Allow authentication using multiple stores: properties, databases, ldap, etc;
- Hide mechanism`s complexity from users. Users do not need to be aware of the complexities behind a specific mechanism;
- Environment agnostic. You can use it in a pure Java SE application and in a JEE/CDI environment as well;
- Challenge/Response design;
- Authentication Events. Users should be able to observe specific authentication events like pre/pos authentication, failures, etc.
- Auditing.
Regards,
Pedro Igor
[View Less]
12 years, 8 months
Moving DeltaSpike security to PicketLink
by Shane Bryzak
Hey guys,
I'm just looking at the infrastructure we have for doing this, currently
in the PicketLink github repo [1] we have picketlink-idm and cdi
repositories set up. I propose that we rename picketlink-idm to
picketlink-idm-legacy to make way for the new picketlink-idm, and rename
cdi to picketlink-cdi (this module will then contain all the CDI and
DeltaSpike integration for PicketLink IDM, plus some authorization
features such as ACLs and permission management). Are there any
…
[View More]objections to this?
Shane
[1] https://github.com/picketlink
[View Less]
12 years, 8 months
