[security-dev] IdentityManager interface

Pedro Igor Silva psilva at redhat.com
Fri Sep 28 16:22:45 EDT 2012


Hi All,

    As Anil suggested, I've created a gist with some side notes regarding the PicketLink IDM API.

    There is also an "Additional Requirements" section where you can put some specific requirement or use case.

    You can check it here: https://gist.github.com/3801805.

Regards.
Pedro Igor

----- Original Message -----
From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
To: security-dev at lists.jboss.org
Sent: Thursday, September 27, 2012 11:46:09 AM
Subject: Re: [security-dev] IdentityManager interface

On 09/26/2012 02:24 PM, Jason Porter wrote:
> Hey all,
>
> I'm going through the API again as I've seen some changes since I last 
> went through it. I may be the only one in this boat, but I feel like 
> this interface is starting to become too crowded. Should some of the 
> methods be moved over to their respective objects (Identity, User, 
> Role, Group, etc)? Should we split things off into a different 
> interface? I'm also becoming concerned with the password and 
> certificate methods on there.
For each user/application, there can be multiple things that need to be 
secured:
- passwords
- oauth consumer secret
- certificates

As you later say, we probably need another class to manage these, rather 
than being in IdentityManager and IdentityStore.


>
> It seems to me these are essentially authentication challenges. 
> Eventually I'm sure we'll add more like OAuth or OpenId, two-factor 
> auth, etc. Will each of these be their own methods? Could it be a 
> configuration option to build up a chain of authentication challenge 
> providers? I had initially thought of a challenge object which would 
> allow input and provide a simple response: pass, fail, move to next 
> challenge. Maybe that's too broad or a bad idea, I don't really know, 
> just throwing out ideas.
I have already used PL IDM in my oauth project.  The biggest question I 
had was how do we represent applications that need to have a consumer 
key and consumer secret along with app name, app description, app icon 
and app redirect URL.  Right now, I just modeled the application as a User.

>
> Just looking to make this easy to use and make sure it makes sense to 
> users (who I think would be coming from a Java EE background).
Users will deal with IdentityManager interface alone.  IdentityStore 
interface is used by implementers of data store bridges - JPA, LDAP, 
file etc etc.
_______________________________________________
security-dev mailing list
security-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
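
Added example, not part of the original thread and not PicketLink IDM code: a sketch of the challenge-chain idea raised above, with a challenge object returning pass, fail, or move to next challenge. All type, method and field names are hypothetical, the credential values are constructed, and reading "next" as "this credential type was not offered" is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;

// Hypothetical types for illustration only; none of this is PicketLink IDM API.
public class ChallengeChainExample {

    enum Outcome { PASS, FAIL, NEXT }

    interface Challenge {
        Outcome respond(Map<String, String> input);
    }

    // Runs the configured challenges in order. Only an explicit PASS
    // authenticates; FAIL stops at once, and a chain that runs out of
    // challenges without a PASS is treated as a failure (fail closed).
    static boolean authenticate(List<Challenge> chain, Map<String, String> input) {
        for (Challenge challenge : chain) {
            Outcome outcome = challenge.respond(input);
            if (outcome == Outcome.PASS) return true;
            if (outcome == Outcome.FAIL) return false;
        }
        return false;
    }

    // A shared-secret challenge (password, OAuth consumer secret, ...).
    // Assumption: a real store would hold a salted hash, not the secret itself.
    static Challenge secret(String field, String expected) {
        return input -> {
            String offered = input.get(field);
            if (offered == null) return Outcome.NEXT; // credential type not offered
            // MessageDigest.isEqual compares in constant time.
            boolean ok = MessageDigest.isEqual(
                    offered.getBytes(StandardCharsets.UTF_8),
                    expected.getBytes(StandardCharsets.UTF_8));
            return ok ? Outcome.PASS : Outcome.FAIL;
        };
    }

    public static void main(String[] args) {
        // Constructed sample credentials.
        List<Challenge> chain = List.of(
                secret("password", "constructed-password"),
                secret("consumerSecret", "constructed-secret"));

        System.out.println(authenticate(chain, Map.of("consumerSecret", "constructed-secret")));
        System.out.println(authenticate(chain, Map.of("password", "wrong")));
        System.out.println(authenticate(chain, Map.of())); // nothing offered
    }
}
```

The point to carry into any real design is the last line of `authenticate`: if every challenge defers, the caller is not authenticated.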

