[security-dev] IdentityManager interface

Shane Bryzak sbryzak at redhat.com
Wed Sep 26 16:23:25 EDT 2012


On 27/09/12 05:24, Jason Porter wrote:
> Hey all,
>
> I'm going through the API again as I've seen some changes since I last 
> went through it. I may be the only one in this boat, but I feel like 
> this interface is starting to become too crowded. Should some of the 
> methods be moved over to their respective objects (Identity, User, 
> Role, Group, etc)? Should we split things off into a different 
> interface? I'm also becoming concerned with the password and 
> certificate methods on there.

It does look like some new methods have crept in.  Which methods would 
you suggest moving over?  The identity model objects are designed to be 
lightweight and non-relational.

>
> It seems to me these are essentially authentication challenges. 
> Eventually I'm sure we'll add more like OAuth or OpenId, two-factor 
> auth, etc. Will each of these be their own methods? Could it be a 
> configuration option to build up a chain of authentication challenge 
> providers? I had initially thought of a challenge object which would 
> allow input and provide a simple response: pass, fail, move to next 
> challenge. Maybe that's too broad or a bad idea, I don't really know, 
> just throwing out ideas.

I agree with the concern over certificate methods being there; we 
originally just had password methods to cover the 90% use case.  If 
we're going to start managing other forms of credentials, we should look 
at abstracting out all credential management.

>
> Just looking to make this easy to use and make sure it makes sense to 
> users (who I think would be coming from a Java EE background).
>
> -- 
> Jason Porter
> http://lightguard-jp.blogspot.com
> http://twitter.com/lightguardjp
>
> Software Engineer
> Open Source Advocate
> Author of Seam Catch - Next Generation Java Exception Handling
>
> PGP key id: 926CCFF5
> PGP key available at: keyserver.net <http://keyserver.net>, 
> pgp.mit.edu <http://pgp.mit.edu>
>
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
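
The chain of authentication challenge providers proposed in the quoted message, sketched in Java as an added example (not code from this thread or from the project). `Challenge`, `Outcome` and `authenticate` are hypothetical names, and treating pass and fail as terminal with a fail-closed end of chain is an assumption about the intended semantics.

```java
import java.util.List;
import java.util.Map;

public class ChallengeChainExample {
    // The three responses named in the thread: pass, fail, move to next challenge.
    enum Outcome { PASS, FAIL, NEXT }

    // Hypothetical interface; not part of the IdentityManager API.
    interface Challenge {
        Outcome respond(String username, Map<String, String> input);
    }

    // Runs challenges in configured order. Assumed semantics: PASS and FAIL
    // are terminal, NEXT defers to the following challenge. A chain that
    // runs out of challenges without a PASS is rejected (fail closed).
    static boolean authenticate(List<Challenge> chain, String username,
                                Map<String, String> input) {
        for (Challenge c : chain) {
            Outcome o;
            try {
                o = c.respond(username, input);
            } catch (RuntimeException e) {
                return false; // a broken provider must not let the user through
            }
            if (o == Outcome.PASS) return true;
            if (o == null || o == Outcome.FAIL) return false;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample challenges; real ones would check stored credentials.
        Challenge password = (u, in) ->
            "s3cret".equals(in.get("password")) ? Outcome.NEXT : Outcome.FAIL;
        Challenge otp = (u, in) ->
            "123456".equals(in.get("otp")) ? Outcome.PASS : Outcome.FAIL;
        List<Challenge> twoFactor = List.of(password, otp);

        System.out.println(authenticate(twoFactor, "jane",
            Map.of("password", "s3cret", "otp", "123456"))); // both factors supplied
        System.out.println(authenticate(twoFactor, "jane",
            Map.of("password", "s3cret")));                  // second factor missing
        System.out.println(authenticate(List.of(password), "jane",
            Map.of("password", "s3cret")));                  // chain ends on NEXT
    }
}
```

The third call shows why the end of the chain has to reject: a misconfigured chain whose last challenge only ever answers NEXT would otherwise authenticate by default.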

