A very thought provoking observation.
IMO in the presence of IDM lite, the vault is not necessary. Eventually we can probably retire the vault by using the File System store implementation of the IDM in the app server.
A vault has just one purpose: safe storage and retrieval of attributes for identities. In the case of the app server, the primary use case has been safe storage/retrieval of passwords. The vault is not supposed to validate credentials.
There is a weak link in the case of the vault. The password to the KeyStore has to be masked (for specifying in the configuration) or retrieved in a proprietary manner.
On 07/31/2013 01:40 PM, David M. Lloyd wrote:
Consider:
IDM:
* associates identities with credentials
* provides ability to retrieve credentials or verify against credentials
Vault:
* associates identities with credentials
* provides ability to retrieve credentials or verify using credentials
So, they're basically the same thing, except vaults are kind of a crappy hack. Instead of using a sys prop kludge for vaulted passwords, we should have an explicit reference to an identity store plus an identity, and simply not have a field for passwords in the config, period.
Discuss.