[security-dev] IdentityManager interface
Anil Saldhana
Anil.Saldhana at redhat.com
Thu Sep 27 10:46:09 EDT 2012
On 09/26/2012 02:24 PM, Jason Porter wrote:
> Hey all,
>
> I'm going through the API again as I've seen some changes since I last
> went through it. I may be the only one in this boat, but I feel like
> this interface is starting to become too crowded. Should some of the
> methods be moved over to their respective objects (Identity, User,
> Role, Group, etc)? Should we split things off into a different
> interface? I'm also becoming concerned with the password and
> certificate methods on there.

For each user/application, there can be multiple things that need to be
secured:
- passwords
- OAuth consumer secret
- certificates

As you later say, we probably need another class to manage these, rather
than being in IdentityManager and IdentityStore.

>
> It seems to me these are essentially authentication challenges.
> Eventually I'm sure we'll add more like OAuth or OpenId, two-factor
> auth, etc. Will each of these be their own methods? Could it be a
> configuration option to build up a chain of authentication challenge
> providers? I had initially thought of a challenge object which would
> allow input and provide a simple response: pass, fail, move to next
> challenge. Maybe that's too broad or a bad idea, I don't really know,
> just throwing out ideas.

I have already used PL IDM in my oauth project. The biggest question I
had was how do we represent applications that need to have a consumer
key and consumer secret along with app name, app description, app icon
and app redirect URL. Right now, I just modeled the application as a User.

>
> Just looking to make this easy to use and make sure it makes sense to
> users (who I think would be coming from a Java EE background).

Users will deal with the IdentityManager interface alone. The IdentityStore
interface is used by implementers of data store bridges - JPA, LDAP,
file, etc.
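
Added example, not part of the original thread and not the project's code: one reading of the challenge chain proposed in the quoted message, in which the first pass or fail decides and an empty or exhausted chain denies access. `Outcome`, `Challenge`, `authenticate` and `sharedSecret` are hypothetical names, and the secrets are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;

public class ChallengeChainExample {
    // Hypothetical types for illustration; not part of the IdentityManager API.
    enum Outcome { PASS, FAIL, NEXT }

    interface Challenge {
        Outcome evaluate(Map<String, String> input);
    }

    // The first PASS or FAIL decides; NEXT hands the request to the next challenge.
    static boolean authenticate(List<Challenge> chain, Map<String, String> input) {
        for (Challenge challenge : chain) {
            Outcome outcome = challenge.evaluate(input);
            if (outcome == Outcome.PASS) return true;
            if (outcome == Outcome.FAIL) return false;
        }
        return false; // empty or exhausted chain: fail closed
    }

    // Builds a challenge that checks one input field against an expected value.
    // Constructed sample secrets; a real store would hold salted hashes instead.
    static Challenge sharedSecret(String field, String expected) {
        return input -> {
            String supplied = input.get(field);
            if (supplied == null) return Outcome.NEXT; // credential type not presented
            boolean ok = MessageDigest.isEqual( // avoids early-exit comparison
                    supplied.getBytes(StandardCharsets.UTF_8),
                    expected.getBytes(StandardCharsets.UTF_8));
            return ok ? Outcome.PASS : Outcome.FAIL;
        };
    }

    public static void main(String[] args) {
        List<Challenge> chain = List.of(
                sharedSecret("password", "constructed-password"),
                sharedSecret("consumerSecret", "constructed-consumer-secret"));

        System.out.println(authenticate(chain, Map.of("password", "constructed-password")));
        System.out.println(authenticate(chain, Map.of("consumerSecret", "wrong")));
        System.out.println(authenticate(chain, Map.of("otp", "123456"))); // no challenge applies
        System.out.println(authenticate(List.of(), Map.of()));           // empty chain
    }
}
```

Two-factor authentication would need a different rule, where every configured challenge must pass before access is granted.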