[jboss-jira] [JBoss JIRA] (ELY-20) Where does OTP fit into realms?

Jan Kalina (JIRA) issues at jboss.org
Wed Jul 13 07:37:00 EDT 2016 

     [ https://issues.jboss.org/browse/ELY-20?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated ELY-20:
--------------------------
    Description: 
Will investigate further once we have a pure LDAP impl in.

We could have an architecture where we have an LDAP server that is then referenced by an *OTP server* or we could have the two somehow combined into one.

There are also requirements related to *marking a token as used* or *token invalidation after too many bad attempts* - this may be handled within the OTP server but for stronger authentication mechanisms may need to be more involved otherwise this becomes another case of falling back to PLAIN / BASIC auth.

  was:
Will investigate further once we have a pure LDAP impl in.

We could have an architecture where we have an LDAP server that is then referenced by an OTP server or we could have the two somehow combined into one.

There are also requirements related to marking a token as used or token invalidation after too many bad attempts - this may be handled within the OTP server but for stronger authentication mechanisms may need to be more involved otherwise this becomes another case of falling back to PLAIN / BASIC auth.



> Where does OTP fit into realms?
> -------------------------------
>
>                 Key: ELY-20
>                 URL: https://issues.jboss.org/browse/ELY-20
>             Project: WildFly Elytron
>          Issue Type: Sub-task
>            Reporter: Darran Lofthouse
>            Assignee: Jan Kalina
>             Fix For: 1.1.0.CR1
>
>
> Will investigate further once we have a pure LDAP impl in.
> We could have an architecture where we have an LDAP server that is then referenced by an *OTP server* or we could have the two somehow combined into one.
> There are also requirements related to *marking a token as used* or *token invalidation after too many bad attempts* - this may be handled within the OTP server but for stronger authentication mechanisms may need to be more involved otherwise this becomes another case of falling back to PLAIN / BASIC auth.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list