[jboss-as7-dev] security metadata
Bill Burke
bburke at redhat.com
Fri Sep 23 13:36:52 EDT 2011
On 9/23/11 12:34 PM, Bill Burke wrote:
>
>
> On 9/23/11 12:24 PM, Anil Saldhana wrote:
>> On 09/23/2011 09:02 AM, Bill Burke wrote:
>>> I want to talk about where app-developers want to security metadata,
>>> how, and what the format is.
>>>
>>> I've already discussed a bit of the types of information that needs to
>>> be stored:
>>>
>>> - username/password
>>> - keypairs
>>> - JPG images
>>> - TOTP keys
>>> - nonces
>>> - Tokens
>> These will be attributes pertaining to an user and generated for an
>> user? So basically, we are looking at a simple identity store that has
>> Identity/Attributes mapping. Look at picketlink IDM.
>> http://anonsvn.jboss.org/repos/picketlink/idm/
>>
>
> Needs better integration with AS. From what I saw, its a lot of
> configuration just to set it up.
>
What I'm saying is that it should be embedded within AS7. Having it as
a separate process is just repetitive work. The current plugins
(user/roles/passwords) need to be rewritten to use this store. That way
you have every authentication type using the same storage instead of the
mish-mash hack, band-aid stuff we have currently (i.e. the totp plugin
which can only use property files).
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the jboss-as7-dev
mailing list