Hi Bill,
What do you think about having something like the SASL Mechanism Negotiation for JAX-RS?

For example, we can have an Authentication Service (JAX-RS Endpoint) that knows how to
negotiate the different supported authentication mechanisms using JSON objects during this
interaction.

Example:

1) Client requests authentication (possibly implicitly by connecting to the server).
2) Server responds with a list of supported mechanisms using a specific JSON format. The
JSON tells which mechanisms are supported and also details about how to use them.
3) Client chooses one of the mechanisms.
4) Client uses the information returned by the server to send an authentication request
based on the expected format for the mechanism he chose. Maybe the format can be mapped
to a specific credential type (like we have in PicketBox 5).
5) Client and server then exchange data, one round-trip at a time, until authentication
either succeeds or fails.
Regards.
Pedro Igor
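The five-step exchange above, as an added example that is not part of the original thread and not PicketBox, PicketLink or Resteasy code. It simulates both sides in one process instead of over HTTP, so the JSON shapes, the mechanism names (PLAIN, HMAC-CHALLENGE), the field names and the demo credential store are all assumptions of the example. The server advertises its mechanisms with usage details (step 2), the client picks the first one it also supports (step 3), sends the first request in that mechanism's format (step 4), and the two keep exchanging JSON one round-trip at a time until the server answers success or failure (step 5). The challenge-response mechanism shows why a multi-round protocol needs server-side session state: the nonce is issued once, consumed once, and any unknown or replayed session id fails.

```python
"""SASL-style mechanism negotiation carried in JSON, simulated in-process.
Example code written for this thread; not the project's own API."""
import hmac
import json
import secrets

# Constructed credential store for the demo. A real service would hold salted
# verifiers (as SCRAM does), never plaintext passwords.
USERS = {"alice": "correct horse battery staple"}


class NegotiationServer:
    """Stand-in for the authentication endpoint: advertises mechanisms as JSON,
    then drives the chosen mechanism one round-trip at a time."""

    # Step 2: what the server advertises, with per-mechanism usage details.
    MECHANISMS = {
        "PLAIN": {"rounds": 1, "fields": ["username", "password"]},
        "HMAC-CHALLENGE": {"rounds": 2, "mac": "HMAC-SHA256", "nonce_bytes": 32},
    }

    def __init__(self):
        self.sessions = {}  # session id -> (username, nonce) for in-flight challenges

    def list_mechanisms(self):
        return json.dumps({"mechanisms": self.MECHANISMS})

    def exchange(self, request_json):
        """Single endpoint for every round; the 'session' field marks a continuation."""
        req = json.loads(request_json)
        if "session" in req:
            return self._hmac_round2(req)
        mech = req.get("mechanism")
        if mech == "PLAIN":
            return self._plain(req)
        if mech == "HMAC-CHALLENGE":
            return self._hmac_round1(req)
        return self._finish(False, "unsupported mechanism")

    def _plain(self, req):
        stored = USERS.get(str(req.get("username")))
        supplied = str(req.get("password", "")).encode()
        ok = stored is not None and hmac.compare_digest(stored.encode(), supplied)
        return self._finish(ok)

    def _hmac_round1(self, req):
        # Issue a nonce even for unknown users so round 1 does not reveal which
        # usernames exist; the mismatch surfaces as a plain failure in round 2.
        sid = secrets.token_hex(16)
        nonce = secrets.token_hex(self.MECHANISMS["HMAC-CHALLENGE"]["nonce_bytes"])
        self.sessions[sid] = (str(req.get("username")), nonce)
        return json.dumps({"status": "continue", "session": sid, "nonce": nonce})

    def _hmac_round2(self, req):
        # pop(): a session and its nonce are consumed exactly once, so a replayed
        # proof or a guessed session id can never succeed.
        state = self.sessions.pop(str(req.get("session")), None)
        if state is None:
            return self._finish(False, "unknown or expired session")
        user, nonce = state
        stored = USERS.get(user)
        if stored is None:
            return self._finish(False)
        expected = hmac.new(stored.encode(), bytes.fromhex(nonce), "sha256").hexdigest()
        ok = hmac.compare_digest(expected.encode(), str(req.get("proof", "")).encode())
        return self._finish(ok)

    @staticmethod
    def _finish(ok, reason="bad credentials"):
        return json.dumps({"status": "success"} if ok else {"status": "failure", "reason": reason})


class NegotiationClient:
    """Steps 3-5: pick the first mutually supported mechanism and run it to completion."""

    def __init__(self, server, username, password, preference):
        self.server, self.username, self.password = server, username, password
        self.preference = preference  # client's ordered list of mechanisms it implements

    def authenticate(self):
        offered = json.loads(self.server.list_mechanisms())["mechanisms"]
        chosen = next((m for m in self.preference if m in offered), None)
        if chosen is None:
            return {"status": "failure", "reason": "no mutually supported mechanism"}
        if chosen == "PLAIN":
            first = {"mechanism": chosen, "username": self.username, "password": self.password}
        else:
            first = {"mechanism": chosen, "username": self.username}
        resp = json.loads(self.server.exchange(json.dumps(first)))
        while resp["status"] == "continue":  # step 5: one round-trip at a time
            proof = hmac.new(self.password.encode(), bytes.fromhex(resp["nonce"]), "sha256").hexdigest()
            follow_up = {"session": resp["session"], "proof": proof}
            resp = json.loads(self.server.exchange(json.dumps(follow_up)))
        resp["mechanism"] = chosen
        return resp


def run_demo():
    """Exercise the happy path and the failure modes; returns {label: status}."""
    server = NegotiationServer()
    cases = {
        "good-hmac": NegotiationClient(server, "alice", USERS["alice"], ["HMAC-CHALLENGE", "PLAIN"]),
        "good-plain": NegotiationClient(server, "alice", USERS["alice"], ["PLAIN"]),
        "bad-password": NegotiationClient(server, "alice", "guess", ["HMAC-CHALLENGE"]),
        "unknown-user": NegotiationClient(server, "mallory", "guess", ["HMAC-CHALLENGE"]),
        "no-common-mech": NegotiationClient(server, "alice", USERS["alice"], ["DIGEST-MD5"]),
    }
    results = {label: client.authenticate()["status"] for label, client in cases.items()}
    results["replayed-session"] = json.loads(
        server.exchange(json.dumps({"session": "stale", "proof": "00"})))["status"]
    results["sessions-left"] = len(server.sessions)
    return results


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The negotiation endpoint is deliberately a single `exchange` entry point keyed on the presence of a `session` field, which is how a stateless HTTP API can carry a stateful multi-round mechanism: the server, not the client, owns the nonce and the round counter, and every continuation is consumed on use.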
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: security-dev(a)lists.jboss.org, "Jay Balunas" <jbalunas(a)redhat.com>,
"Douglas Campos" <qmx(a)qmx.me>, abstractj(a)redhat.com
Sent: Wednesday, November 21, 2012 7:49:30 PM
Subject: [security-dev] Resteasy authentication
Here's what I'm doing for a Resteasy authentication solution (and how it
relates to Picketlink).
http://bill.burkecentral.com/2012/11/21/scoping-out-resteasy-skeleton-key...
I should have something by Christmas that everybody can try out.
Probably sooner.
Have a nice Thanksgiving everybody.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev