[security-dev] PicketLink SCIM Module

Bolesław Dawidowicz bdawidow at redhat.com
Tue May 21 09:11:43 EDT 2013


+1 as well. Regarding authentication I remember SCIM spec leaves it open 
but suggests using oauth bearer tokens. Would be good to keep sync with 
Bill to not duplicate oauth work between PL and his effort.

On 05/21/2013 02:56 PM, Pedro Igor Silva wrote:
> +1.
>
> But regarding the two set of RESTful services, maybe we can have only
> a SCIM set where the PicketLink additional features can be handled as
> extensions to the base schema.
>
>
> ----- Original Message ----- From: "Shane Bryzak"
> <sbryzak at redhat.com> To: "security-dev >>
> \"security-dev at lists.jboss.org\"" <security-dev at lists.jboss.org>
> Sent: Tuesday, May 21, 2013 5:22:06 AM Subject: [security-dev]
> PicketLink SCIM Module
>
> I've been reviewing the capabilities of the SCIM module (which are
> defined by the SCIM specification [1]) and someone correct me if I'm
> wrong, but it only seems to provide a subset of the features that we
> support in PicketLink. Specifically missing are authentication, and
> support for the extended relationship types (basically everything
> besides group membership). I'm wondering if it might be worth
> providing a PicketLink REST module instead, which would provide two
> sets of RESTful services; the first being a SCIM-compliant service,
> the second being a more proprietary service that exposes all of the
> capabilities of PicketLink.
>
> On top of this, I think it would be of huge benefit to provide both
> Java and JavaScript clients to consume both services. Anil has
> already implemented a Java-based SCIM client in the SCIM module, but
> imagine if we provided PicketLink JavaScript scripts that web
> application developers could drop into their app - this would be a
> huge development time saver. I'm also thinking that the JavaScript
> clients should support a variety of authentication mechanisms; BASIC,
> DIGEST, X509, user/password, OAuth, etc. This is kind of uncharted
> territory for me (REST-based auth) so any feedback or opinions on
> this would be appreciated.
>
> Shane
>
>
> [1] http://www.simplecloud.info/specs/draft-scim-api-01.html
>
> _______________________________________________ security-dev mailing
> list security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
> _______________________________________________ security-dev mailing
> list security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>



More information about the security-dev mailing list