[wildfly-dev] New security sub-project: WildFly Elytron
Radoslaw Rodak
rodakr at gmx.ch
Wed Jun 4 15:40:49 EDT 2014
> The following are presently non- or anti-goals:
>
> • Any provision to support JAAS Subject as a security context (due to
> performance and correctness concerns)†
> • Any provision to support JAAS LoginContext (due to tight integration
> with Subject)
> • Any provision to maintain API compatibility with PicketBox (this is
> not presently an established requirement and thus would add undue
> implementation complexity, if it is indeed even possible)
> • Replicate Kerberos-style ticket-based credential forwarding (just use
> Kerberos in this case)
>
> † You may note that this is in contrast with a previous post to the AS 7
> list [9] in which I advocated simply unifying on Subject. Subsequent
> research uncovered a number of performance and implementation weaknesses
> in JAAS that have since convinced the security team that we should no
> longer be relying on it.
Is there any hope to have in Elytron a way to be able to integrate third part products supporting user identity propagation with JAAS like Corba, IBM MQ … with Wildfly?
More information about the wildfly-dev
mailing list