Re: [undertow-dev] When DIGEST support?

On Jun 11, 2013, at 2:28 PM, Jason Greene <jason.greene(a)redhat.com&gt; wrote: > On Jun 11, 2013, at 2:20 PM, Anil Saldhana <Anil.Saldhana(a)redhat.com&gt; wrote: > >> On 06/11/2013 02:17 PM, Bill Burke wrote: >>> On 6/11/2013 3:07 PM, Jason Greene wrote: >>>>> On Jun 11, 2013, at 12:26 PM, Anil Saldhana&lt;Anil.Saldhana(a)redhat.com&gt; wrote: >>>>> >>>>>>> On 06/11/2013 07:58 AM, Anil Saldhana wrote: >>>>>>>>> On Jun 11, 2013, at 7:23 AM, Jason Greene&lt;jgreene(a)redhat.com&gt; wrote: >>>>>>>>> >>>>>>>>>>> Hmm I guess that means we need a picketlink IDM subsystem? >>>>>>>>> We have a subsystem ready. >>>>>>> https://docs.jboss.org/author/display/PLINK/PicketLink+Subsystem >>>>>>> Feedback welcome. >>>>> I like the typed syntax, but I do not like the fact this is using JPA over JDBC. It's going to create a dependency mess (now all wildfly distributions that want to use database auth will require Java EE), and it will slow server initialization for very little gain. >>>>> >>> They have a file store. >> The Identity Store implementations can be: >> a) database via jpa >> b) file system (created exclusively for Wildfly) >> c) ldap >> d) mix and match >> >> Regarding Jason's concern about database authentication requiring EE api >> (due to JPA) slowing server startup, that is going to be tough as the >> alternative would be straight JDBC. > > Why is that a problem though? JDBC isn't that hard, all vendors these days support portable ANSI 92 sql, and the complexity of queries that an IDM needs to execute is small. > I guess I should be having this discussion on the security dev list :) -Jason