[security-dev] Undertow IDM

Pedro Igor Silva psilva at redhat.com
Wed Apr 24 17:14:53 EDT 2013


----- Original Message -----
> From: "Stuart Douglas" <sdouglas at redhat.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>
> Cc: "Anil Saldhana" <Anil.Saldhana at redhat.com>, security-dev at lists.jboss.org
> Sent: Wednesday, April 24, 2013 5:54:36 PM
> Subject: Re: [security-dev] Undertow IDM
> 
> 
> 
> Pedro Igor Silva wrote:
> > I think PL IDM can supply most of the methods defined in the
> > IdentityManager interface.
> >
> > Only not sure about some things related to password reset and account
> > locking. Although the Credential API maintains the history of password
> > updates and custom attributes can also be used. Not sure, but maybe we
> > should have that in PL IDM, built-in support for password reset and
> > account locking.
> >
> 
> Not really sure what you mean here?

Sorry, I was talking about the PL IDM Credential API, not Undertow. Just wondering if we could provide within PL IDM a built-in way to reset passwords and lock accounts.

> 
> > Regarding DIGEST authentication and the getPassword method, if using PL IDM
> > this method is not necessary because we always store the HA1 value
> > (MD5(username:realm:password)). So you only need to pass the provided
> > password and it will be checked internally.
> 
> In that case you only need to implement the getHash() method, and just
> leave getPassword() returning null.
> 
> In general one of the main aims of the Undertow IDM API is to be a
> wrapper that allows us to use the PL IDM without a direct dependency on
> PL, while also allowing us to integrate with what we currently have in
> the WildFly upstream. If there are potential changes that will make it
> easier to integrate with PL then I am happy to discuss them.
> 

I agree with you that it is a better design to not depend on PL directly, but define a lightweight interface in Undertow with what you require, from an identity management perspective. I think there is no need for changes given that getPassword is optional according to the javadocs.

> Stuart
> 
> >
> > Regards.
> > Pedro Igor
> >
> > ----- Original Message -----
> > From: "Anil Saldhana"<Anil.Saldhana at redhat.com>
> > To: security-dev at lists.jboss.org
> > Sent: Wednesday, April 24, 2013 3:54:48 PM
> > Subject: [security-dev] Undertow IDM
> >
> > Hi all,
> > https://github.com/undertow-io/undertow/tree/master/core/src/main/java/io/undertow/security/idm
> >
> > I am wondering how we can use PicketLink IDM in Undertow.
> >
> > Regards,
> > Anil
> > _______________________________________________
> > security-dev mailing list
> > security-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/security-dev
> 

