[jboss-dev-forums] [JBoss AS7 Development] - Management API Security Transport Authentication

Wed Oct 5 09:41:54 EDT 2011

Brian Stansberry [http://community.jboss.org/people/brian.stansberry] modified the document:

"Management API Security Transport Authentication"

To view the document, visit: http://community.jboss.org/docs/DOC-16587

--------------------------------------------------------------
h1. Transport Authentication
At the transport level we will support the following mechanisms for establishing and verifying the identity of the client connecting to the server.

|| *Native (SASL)* || *HTTP* ||
| +Plain *1 (DONE)
+ | Basic (DONE) |
| Digest_MD5 (DONE) | Digest (DONE) |
| GSSAPI (WILL BE IN 7.1) | SPNEGO (WILL BE IN 7.1) |
| +External *1  (+WILL BE IN 7.1+)
+ | Client Cert +(+WILL BE IN 7.1+)+ |
| +AS Security Token *2+ | +AS Security Token *2+ |

*1 Not supplied by the JDK. We will provide a provider.
*2 To be considered at a later point to minimise overhead establishing connection to different nodes.
h5. Notes
The Native connection is using Remoting 3 so will make use of the JDK supplied SASL implementation.

Support for Plain / Basic although should be avoided if Digest_MD5 / Digest can be used will be provided for scenarios where pass through of both username and password to back end user database is required.

A single transport will be required to support multiple mechanisms e.g. The Native API may need to use External authentication for hosts but Digest_MD5 for connections from administrators.

h3. Reference

SASL and SASL External -  http://datatracker.ietf.org/doc/rfc4422/ http://datatracker.ietf.org/doc/rfc4422/
SASL Plain -  http://datatracker.ietf.org/doc/rfc4616/ http://datatracker.ietf.org/doc/rfc4616/
SASL Digest_MD5 -  http://datatracker.ietf.org/doc/rfc2831/ http://datatracker.ietf.org/doc/rfc2831/
SASL GSSAPI -  http://datatracker.ietf.org/doc/rfc4752/ http://datatracker.ietf.org/doc/rfc4752/
Java SASL Documentation -  http://download.oracle.com/javase/6/docs/technotes/guides/security/sasl/sasl-refguide.html http://download.oracle.com/javase/6/docs/technotes/guides/security/sasl/sasl-refguide.html

HTTP Basic and Digest -  http://datatracker.ietf.org/doc/rfc2617/ http://datatracker.ietf.org/doc/rfc2617/
HTTP SPNEGO -  http://datatracker.ietf.org/doc/rfc4559/ http://datatracker.ietf.org/doc/rfc4559/
Java Secure Programming and SSO -  http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html
--------------------------------------------------------------

Comment by going to Community
[http://community.jboss.org/docs/DOC-16587]

Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20111005/9bea67e2/attachment.html 