[jboss-jira] [JBoss JIRA] (ELY-116) Review getRealmName on RealmIdentity
David Lloyd (JIRA)
issues at jboss.org
Thu Oct 23 11:56:36 EDT 2014
[ https://issues.jboss.org/browse/ELY-116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014658#comment-13014658 ]
David Lloyd commented on ELY-116:
---------------------------------
My opinion (summarized from chat discussion) is that the realm's own name should be interpreted in the context of either the mechanism that is using it or the security domain in which it was defined, depending on what phase of the authentication is happening. The realm should not have its own internal name.
In mechanisms which use the realm name, the mapping is in fact quite arbitrary - name rewriters and realm mappers can interpret the mechanism realm name in any way imaginable, so from the perspective of the mechanism, the realm's idea of what its own name is, is already irrelevant.
Once the realm mapping is complete, the resultant name would be used by the security domain only to locate the realm to use.
> Review getRealmName on RealmIdentity
> ------------------------------------
>
> Key: ELY-116
> URL: https://issues.jboss.org/browse/ELY-116
> Project: WildFly Elytron
> Issue Type: Task
> Components: API / SPI
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: api_review
> Fix For: 1.0.0.Beta1
>
>
> Within the subsystem we considering that a realm can be aliased by the time it is contained in a security domain, this then calls into question the realm name of any identity it creates.
> Need a more thorough review of how the name of the realm will be used, need to also consider how it fits with authentication mechanisms that use the realm name e.g. Digest and also credentials that incorporate the realm name.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the jboss-jira
mailing list