Re: [security-dev] PicketLink SCIM Module
+1 as well. Regarding authentication I remember SCIM spec leaves it open
but suggests using oauth bearer tokens. Would be good to keep sync with
Bill to not duplicate oauth work between PL and his effort.
On 05/21/2013 02:56 PM, Pedro Igor Silva wrote:
+1.
But regarding the two set of RESTful services, maybe we can have only
a SCIM set where the PicketLink additional features can be handled as
extensions to the base schema.
----- Original Message ----- From: "Shane Bryzak"
<sbryzak(a)redhat.com> To: "security-dev >>
\"security-dev(a)lists.jboss.org\"" <security-dev(a)lists.jboss.org>
Sent: Tuesday, May 21, 2013 5:22:06 AM Subject: [security-dev]
PicketLink SCIM Module
I've been reviewing the capabilities of the SCIM module (which are
defined by the SCIM specification [1]) and someone correct me if I'm
wrong, but it only seems to provide a subset of the features that we
support in PicketLink. Specifically missing are authentication, and
support for the extended relationship types (basically everything
besides group membership). I'm wondering if it might be worth
providing a PicketLink REST module instead, which would provide two
sets of RESTful services; the first being a SCIM-compliant service,
the second being a more proprietary service that exposes all of the
capabilities of PicketLink.
On top of this, I think it would be of huge benefit to provide both
Java and JavaScript clients to consume both services. Anil has
already implemented a Java-based SCIM client in the SCIM module, but
imagine if we provided PicketLink JavaScript scripts that web
application developers could drop into their app - this would be a
huge development time saver. I'm also thinking that the JavaScript
clients should support a variety of authentication mechanisms; BASIC,
DIGEST, X509, user/password, OAuth, etc. This is kind of uncharted
territory for me (REST-based auth) so any feedback or opinions on
this would be appreciated.
Shane
[1] http://www.simplecloud.info/specs/draft-scim-api-01.html
_______________________________________________ security-dev mailing
list security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
_______________________________________________ security-dev mailing
list security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev