[jboss-as7-dev] security metadata

Anil Saldhana Anil.Saldhana at redhat.com
Fri Sep 23 14:32:32 EDT 2011


On 09/23/2011 11:34 AM, Bill Burke wrote:
>
> On 9/23/11 12:24 PM, Anil Saldhana wrote:
>> On 09/23/2011 09:02 AM, Bill Burke wrote:
>>> I want to talk about where app-developers want to security metadata,
>>> how, and what the format is.
>>>
>>> I've already discussed a bit of the types of information that needs to
>>> be stored:
>>>
>>> - username/password
>>> - keypairs
>>> - JPG images
>>> - TOTP keys
>>> - nonces
>>> - Tokens
>> These will be attributes pertaining to a user and generated for a
>> user?  So basically, we are looking at a simple identity store that has
>> Identity/Attributes mapping.  Look at picketlink IDM.
>> http://anonsvn.jboss.org/repos/picketlink/idm/
>>
> Needs better integration with AS.  From what I saw, it's a lot of
> configuration just to set it up.
I started the branch 2.0 for IDM just to get the simpler API in place 
for use with AS.  I have not worked on it for a few weeks as I have been 
doing other things.  I do suggest putting the store API in that project 
so we can get it integrated into AS.

>>> Where do people store this information?
>>>
>>> - 3rd Party IDP
>>> - 3rd party directory services (LDAP, ActiveDirectory)
>>> - config files within an app-deployment (WAR, EAR)
>>> - config files outside an app-deployment
>>> - a database
>>>
>> In real life, they typically store in an LDAP for fast read access.
>>
>> Their own schemas, or do they map to ours?
>>
Typically, they use custom LDAP schemas beyond what is defined by the LDAP 
specs. If you have a lot of r/w operations on the store, it is better to 
use a DB with use of transactions.

>>> What does the metadata look like?
>>>
>>> - JBoss defined schemas
>>> - Externally defined schemas (SAML, XACML, custom)
>>>
>>> How do they manage this metadata? Do our larger customers want to use
>>> non-JBoss identity management solutions?  Would they use something we
>>> provided?
>> Currently mainly SAML and WS-Trust. They will use the PicketLink
>> Federation with saml and ws-trust capabilities, with custom adapters.