[security-dev] IdentityManager interface
Pedro Igor Silva
psilva at redhat.com
Fri Sep 28 16:22:45 EDT 2012
Hi All,
As Anil suggested, I've created a gist with some side notes regarding the PicketLink IDM API.
There is also an "Additional Requirements" section where you can put some specific requirement or use case.
You can check it here: https://gist.github.com/3801805.
Regards.
Pedro Igor
----- Original Message -----
From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
To: security-dev at lists.jboss.org
Sent: Thursday, September 27, 2012 11:46:09 AM
Subject: Re: [security-dev] IdentityManager interface
On 09/26/2012 02:24 PM, Jason Porter wrote:
> Hey all,
>
> I'm going through the API again as I've seen some changes since I last
> went through it. I may be the only one in this boat, but I feel like
> this interface is starting to become too crowded. Should some of the
> methods be moved over to their respective objects (Identity, User,
> Role, Group, etc)? Should we split things off into a different
> interface? I'm also becoming concerned with the password and
> certificate methods on there.
For each user/application, there can be multiple things that need to be
secured:
- passwords
- oauth consumer secret
- certificates
As you later say, we probably need another class to manage these, rather
than being in IdentityManager and IdentityStore.
>
> It seems to me these are essentially authentication challenges.
> Eventually I'm sure we'll add more like OAuth or OpenId, two-factor
> auth, etc. Will each of these be their own methods? Could it be a
> configuration option to build up a chain of authentication challenge
> providers? I had initially thought of a challenge object which would
> allow input and provide a simple response: pass, fail, move to next
> challenge. Maybe that's too broad or a bad idea, I don't really know,
> just throwing out ideas.
I have already used PL IDM in my oauth project. The biggest question I
had was how do we represent applications that need to have a consumer
key and consumer secret along with app name, app description, app icon
and app redirect URL. Right now, I just modeled the application as a User.
>
> Just looking to make this easy to use and make sure it makes sense to
> users (who I think would be coming from a Java EE background).
Users will deal with IdentityManager interface alone. IdentityStore
interface is used by implementers of data store bridges - JPA, LDAP,
file, etc.
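
The chain of authentication challenges raised in the thread (each challenge answering pass, fail, or move to next challenge), sketched as an added example that is not part of the original messages and is not PicketLink code. The names `Challenge`, `Outcome` and `authenticate` are hypothetical, and the reading that a satisfied first factor answers "next" while the last factor answers "pass" is an assumption.

```java
import java.util.List;
import java.util.Map;

public class ChallengeChainExample {
    // The three responses from the thread: pass, fail, move to next challenge.
    enum Outcome { PASS, FAIL, NEXT }

    // Hypothetical challenge type; not a PicketLink interface.
    interface Challenge {
        Outcome evaluate(Map<String, String> input);
    }

    // Runs the challenges in configured order. Denies by default: an empty
    // chain, or a chain that ends on NEXT, never authenticates.
    static boolean authenticate(List<Challenge> chain, Map<String, String> input) {
        for (Challenge c : chain) {
            Outcome o = c.evaluate(input);
            if (o == Outcome.PASS) return true;   // chain satisfied, stop
            if (o == Outcome.FAIL) return false;  // hard reject, stop
            // NEXT: this step is satisfied but not sufficient, keep going
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample challenges. A real check would verify against a
        // salted hash held by a credential store, not compare to a literal.
        Challenge password = in ->
            "s3cret".equals(in.get("password")) ? Outcome.NEXT : Outcome.FAIL;
        Challenge otp = in ->
            "123456".equals(in.get("otp")) ? Outcome.PASS : Outcome.FAIL;
        List<Challenge> twoFactor = List.of(password, otp);

        // Both factors supplied and correct.
        System.out.println(authenticate(twoFactor,
            Map.of("password", "s3cret", "otp", "123456")));
        // Second factor missing: the chain rejects.
        System.out.println(authenticate(twoFactor, Map.of("password", "s3cret")));
        // Misconfigured chain that ends on NEXT: still denied.
        System.out.println(authenticate(List.of(password),
            Map.of("password", "s3cret")));
        // Empty chain: denied.
        System.out.println(authenticate(List.of(), Map.of()));
    }
}
```

The last two calls show why the loop falls through to `false`: a chain that is empty or whose final step only says "next" must not authenticate anyone.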