[jboss-as7-dev] security metadata

Bill Burke bburke at redhat.com
Fri Sep 23 12:34:47 EDT 2011



On 9/23/11 12:24 PM, Anil Saldhana wrote:
> On 09/23/2011 09:02 AM, Bill Burke wrote:
>> I want to talk about where app-developers want to store security metadata,
>> how, and what the format is.
>>
>> I've already discussed a bit of the types of information that need to
>> be stored:
>>
>> - username/password
>> - keypairs
>> - JPG images
>> - TOTP keys
>> - nonces
>> - Tokens
> These will be attributes pertaining to a user and generated for a
> user?  So basically, we are looking at a simple identity store that has
> Identity/Attributes mapping.  Look at picketlink IDM.
> http://anonsvn.jboss.org/repos/picketlink/idm/
>

Needs better integration with AS.  From what I saw, it's a lot of 
configuration just to set it up.

>> Where do people store this information?
>>
>> - 3rd Party IDP
>> - 3rd party directory services (LDAP, ActiveDirectory)
>> - config files within an app-deployment (WAR, EAR)
>> - config files outside an app-deployment
>> - a database
>>
> In real life, they typically store in an LDAP for fast read access.
>

Their own schemas, or do they map to ours?

>> What does the metadata look like?
>>
>> - JBoss defined schemas
>> - Externally defined schemas (SAML, XACML, custom)
>>
>> How do they manage this metadata? Do our larger customers want to use
>> non-JBoss identity management solutions?  Would they use something we
>> provided?
> Currently mainly SAML and WS-Trust. They will use the PicketLink
> Federation with saml and ws-trust capabilities, with custom adapters.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

