[security-dev] PicketLink SCIM Module

Thomas Heute theute at redhat.com
Wed May 22 08:07:42 EDT 2013


+1

On 05/21/2013 03:11 PM, Bolesław Dawidowicz wrote:
> +1 as well. Regarding authentication, I remember the SCIM spec leaves it open
> but suggests using OAuth bearer tokens. Would be good to keep in sync with
> Bill to not duplicate OAuth work between PL and his effort.
>
> On 05/21/2013 02:56 PM, Pedro Igor Silva wrote:
>> +1.
>>
>> But regarding the two sets of RESTful services, maybe we can have only
>> a SCIM set where the PicketLink additional features can be handled as
>> extensions to the base schema.
>>
>>
>> ----- Original Message -----
>> From: "Shane Bryzak" <sbryzak at redhat.com>
>> To: "security-dev >> \"security-dev at lists.jboss.org\"" <security-dev at lists.jboss.org>
>> Sent: Tuesday, May 21, 2013 5:22:06 AM
>> Subject: [security-dev] PicketLink SCIM Module
>>
>> I've been reviewing the capabilities of the SCIM module (which are
>> defined by the SCIM specification [1]) and someone correct me if I'm
>> wrong, but it only seems to provide a subset of the features that we
>> support in PicketLink. Specifically missing are authentication, and
>> support for the extended relationship types (basically everything
>> besides group membership). I'm wondering if it might be worth
>> providing a PicketLink REST module instead, which would provide two
>> sets of RESTful services; the first being a SCIM-compliant service,
>> the second being a more proprietary service that exposes all of the
>> capabilities of PicketLink.
>>
>> On top of this, I think it would be of huge benefit to provide both
>> Java and JavaScript clients to consume both services. Anil has
>> already implemented a Java-based SCIM client in the SCIM module, but
>> imagine if we provided PicketLink JavaScript scripts that web
>> application developers could drop into their app - this would be a
>> huge development time saver. I'm also thinking that the JavaScript
>> clients should support a variety of authentication mechanisms; BASIC,
>> DIGEST, X509, user/password, OAuth, etc. This is kind of uncharted
>> territory for me (REST-based auth) so any feedback or opinions on
>> this would be appreciated.
>>
>> Shane
>>
>>
>> [1] http://www.simplecloud.info/specs/draft-scim-api-01.html
>>
>> _______________________________________________ security-dev mailing
>> list security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev