[security-dev] Resteasy authentication

Pedro Igor Silva psilva at redhat.com
Thu Nov 22 08:48:25 EST 2012


Hi Bill,

   What do you think about having something like the SASL Mechanism Negotiation for JAX-RS?

   For example, we can have an Authentication Service (JAX-RS Endpoint) that knows how to negotiate the different supported authentication mechanisms using JSON objects during this interaction.

   Example:

       1) Client requests authentication (possibly implicitly by connecting to the server)
       2) Server responds with a list of supported mechanisms using a specific JSON format. The JSON tells which mechanisms are supported and also details about how to use them.
       3) Client chooses one of the mechanisms.
       4) Client uses the information returned by the server to send an authentication request based on the expected format for the mechanism he chose. Maybe the format can be mapped to a specific credential type (like we have in PicketBox 5).
       5) Client and server then exchange data, one round-trip at a time, until authentication either succeeds or fails.

Regards.
Pedro Igor
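
The five-step negotiation sketched above, worked through as an added example; this is not code from the thread, from Resteasy or from PicketBox. It assumes a hypothetical `AuthServer` class standing in for the JAX-RS endpoint, where each method takes and returns a JSON body the way the client and endpoint would exchange them over HTTP. Two constructed mechanisms are advertised: `PLAIN` (one round trip) and an `HMAC-SHA256` challenge-response (two round trips), so both the single-message and the "one round trip at a time until success or failure" cases of step 5 are exercised. The user `alice` and her secret are constructed sample data.

```python
import hmac
import hashlib
import json
import secrets

# Constructed sample credential store (hypothetical user, not a real account).
# The HMAC mechanism needs a shared secret, so this toy keeps the raw secret
# in memory; a real store would hold a verifier rather than the secret itself.
USERS = {"alice": b"correct horse battery staple"}


class AuthServer:
    """Hypothetical JAX-RS-style authentication endpoint, modelled as a class."""

    def __init__(self):
        # session id -> (username, nonce); one entry per in-flight negotiation
        self.sessions = {}

    def mechanisms(self):
        # Step 2: advertise the supported mechanisms and how each one is used.
        return json.dumps({"mechanisms": [
            {"name": "PLAIN", "fields": ["username", "password"], "roundtrips": 1},
            {"name": "HMAC-SHA256", "fields": ["username"], "roundtrips": 2},
        ]})

    def handle(self, body):
        # Steps 4-5: one round trip of whichever mechanism the client chose.
        msg = json.loads(body)
        if "session" in msg:
            return self._hmac_finish(msg)
        mech = msg.get("mechanism")
        if mech == "PLAIN":
            return self._plain(msg)
        if mech == "HMAC-SHA256":
            return self._hmac_start(msg)
        return json.dumps({"status": "failure", "reason": "unsupported mechanism"})

    def _plain(self, msg):
        # Single round trip: compare the submitted password in constant time.
        secret = USERS.get(msg.get("username", ""))
        supplied = msg.get("password", "").encode()
        ok = secret is not None and hmac.compare_digest(secret, supplied)
        return json.dumps({"status": "success" if ok else "failure"})

    def _hmac_start(self, msg):
        # First round trip: hand the client a fresh nonce so it can prove
        # possession of the shared secret without sending the secret itself.
        session = secrets.token_hex(8)
        nonce = secrets.token_hex(16)
        self.sessions[session] = (msg.get("username", ""), nonce)
        return json.dumps({"status": "continue", "session": session, "nonce": nonce})

    def _hmac_finish(self, msg):
        # Second round trip: the session is consumed whether or not the proof
        # is valid, so a captured proof cannot be replayed later.
        username, nonce = self.sessions.pop(msg["session"], ("", ""))
        secret = USERS.get(username)
        if secret is None or not nonce:
            return json.dumps({"status": "failure"})
        expected = hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()
        ok = hmac.compare_digest(expected, msg.get("proof", ""))
        return json.dumps({"status": "success" if ok else "failure"})


def mechanism_names(server):
    # Step 3 helper: the list the client chooses from.
    return [m["name"] for m in json.loads(server.mechanisms())["mechanisms"]]


def run_plain(server, username, password):
    # Client side of the one-round-trip PLAIN mechanism (steps 1, 3 and 4).
    if "PLAIN" not in mechanism_names(server):
        return {"status": "failure", "reason": "PLAIN not offered"}
    body = json.dumps({"mechanism": "PLAIN", "username": username, "password": password})
    return json.loads(server.handle(body))


def run_hmac(server, username, secret):
    # Client side of the two-round-trip HMAC mechanism (steps 1, 3, 4 and 5).
    if "HMAC-SHA256" not in mechanism_names(server):
        return {"status": "failure", "reason": "HMAC-SHA256 not offered"}
    first = json.loads(server.handle(json.dumps({"mechanism": "HMAC-SHA256", "username": username})))
    if first.get("status") != "continue":
        return first
    proof = hmac.new(secret, first["nonce"].encode(), hashlib.sha256).hexdigest()
    return json.loads(server.handle(json.dumps({"session": first["session"], "proof": proof})))


if __name__ == "__main__":
    srv = AuthServer()
    print(mechanism_names(srv))
    print(run_plain(srv, "alice", "correct horse battery staple"))
    print(run_hmac(srv, "alice", USERS["alice"]))
    print(run_hmac(srv, "alice", b"wrong secret"))
```

The `"status"` field carries the protocol state (`continue`, `success`, `failure`), which is what lets the client loop "one round trip at a time"; the mechanism list is the only place the client learns field names, so adding a mechanism changes the advertised JSON rather than the client code. Mapping each mechanism's JSON shape to a credential type, as the message suggests for PicketBox 5, would slot in where `handle` dispatches on `"mechanism"`.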

----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: security-dev at lists.jboss.org, "Jay Balunas" <jbalunas at redhat.com>, "Douglas Campos" <qmx at qmx.me>, abstractj at redhat.com
Sent: Wednesday, November 21, 2012 7:49:30 PM
Subject: [security-dev] Resteasy authentication

Here's what I'm doing for a Resteasy authentication solution (and how it
relates to Picketlink).

http://bill.burkecentral.com/2012/11/21/scoping-out-resteasy-skeleton-key-security/


I should have something by Christmas that everybody can try out.
Probably sooner.

Have a nice Thanksgiving everybody.

Bill

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
security-dev mailing list
security-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev