Re: [security-dev] Credentials API redesign
On 12/6/2012 10:00 AM, Darran Lofthouse wrote:
I can see that there are cases where we know the User so it is
desirable
to supply it but there are still the cases where we don't know the user
until after the credential has been verified.
Elaborate? Sounds like this is protocol specific and resolving the user
should be done in protocol code. The IDM shouldn't be involved with
protocol specifics. Or, at least, it should as separated as possible
from those specifics.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com