Authorization constructs in PicketLink3
by Anil Saldhana
Shane/Pedro - we should start discussing the constructs for
authorization in PL3. We have a few options on the table. We need to
figure out what we need such that for PL3 users, we have some options.
Let's use this thread to figure out the various options/strategies.
11 years, 6 months
Quickstarts
by Anil Arora
Is there a location for the quickstarts? I've seen references in the emails and on the Wiki roadmap, but I've not seen any discussion about that.
We're definitely anxious to see how we can utilize PicketLink 3 for our prototypes, including preliminary OAuth 2 support.
Thanks,
Anil
11 years, 7 months
Certificate Management in PicketLink
by Pedro Igor Silva
Hi All,
I would like to start a thread about supporting Certificate Management in PicketLink.
We have an input from AeroGear[1] where they need to manage certificates (import, retrieve, update and remove) in order to send push notifications to iOS devices using APNS.
One discussion that I would like to start here is if we really need something new or the requirements and use cases provided *so far* can be supported by a ready-to-use solution, such as the Java KeyStore. And try to understand better the value of this new project.
People have mentioned PicketBox DB Keystore, but this project is basically a KeyStore implementation that uses a relational database to manage keys and certs. If you're looking for a different way to store keys and certs, this project can provide a nice start.
Although PicketLink IDM does not provide certificate management, simple use cases can use U/R/G attributes to store certificates as well, with some restrictions of course.
Certificate Management is a huge area, there are a lot of things we can do about it. But I don't want to bring complexity to something that can be simple.
That said, if you guys can help with more requirements and maybe more use cases, that would be nice to understand better what we're trying to achieve.
[1] https://gist.github.com/matzew/b918eb45d3f17de09b8f#ios-variant
Regards.
Pedro Igor
11 years, 7 months
PicketLink 3 and Undertow
by Anil Saldhana
Hi All,
Undertow is scheduled for Fall 2013 in line with Wildfly release.
I think the container bindings for Undertow for SAML and Social
functionality can be postponed past 3.0. Maybe PicketLink v3.1.
Regards,
Anil
11 years, 7 months
Undertow / IdentityManager and Digest Authentication
by Darran Lofthouse
I have been saying for a while that I need to raise a discussion
regarding the verification of Digest based requests against an
IdentityManager.
At the moment this is predominantly needed for Undertow although there
is also a need for same with SASL.
The following document describes the proposed use of the Undertow
IdentityManager API and the requirement for the implementation i.e. what
we would need from PicketLink IDM once wrapped in the WildFly integration: -
https://community.jboss.org/wiki/Undertow-IdentityManager-DigestAuthentic...
The three methods on the IdentityManager interface previously used for
Digest based authentication will all be removed.
An identity manager that can provide this capability will also be
compatible with SASL based authentication without needing to be aware of
the actual verification requirements within SASL.
Regards,
Darran Lofthouse.
11 years, 7 months
PicketLink 3.0.0.Beta2 planning
by Anil Saldhana
Hi all,
I know we are putting finishing touches on codebase, quickstarts etc
before the Beta2 release. I was wondering if any of you had concerns
toward the release.
Regards,
Anil
11 years, 7 months
New SSO/OAuth2 Project
by Bill Burke
Hey all,
Mark Little approached me about starting a new project to provide an
SSO/OAuth2 solution for browser apps and RESTful web services. We've
gotten some buy-in/signoff from Anil, but I'd like to get buy-in/signoff
from Boleslaw especially and the rest of you.
The idea is to provide an integrated SSO/OAuth2 solution for browser
apps and RESTful web services that can be used as a plugin for AS, a
standalone auth server, a cloud auth server, and/or a cloud SaaS. The
end product being something hosted on OpenShift and usable by anybody.
I've started a requirements document and really need help rounding it out:
https://community.jboss.org/wiki/ResteasySkeletonKeyWebSSOOAuth
I also need help on the division of labor, if any with the Picketlink
team, or any individual on this team. I'm fine doing all the work,
delegating pieces to individuals, and/or reusing parts of Picketlink.
What should the division of labor be? My first thought is that I'd
build the service wholly or partially on the IDM API you all have been
working on. That way you guys could focus on storage and federation
(i.e. with LDAP, et al.) and I could focus on UI, service, and protocol
aspects.
Also, as most of you already know, I've already done a ton of work so far:
http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html
Previously I had also even started prototyping a cloudable IDP service
using Infinispan as a backend store.
https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-...
When the project is started, I'll be creating a new github project. I'd
like to name the project "Resteasy Skeleton Key" or "Picketlink Skeleton
Key".
Thoughts? Concerns? Ideas? Insults? Whines? Cheers? Trash Talk? Once
things get moving we'll also be talking to PM and the Cloud BU.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 7 months