Community
Participate
Working Groups
Lotus shares the requirement with several customers at EclipseCon this year that requested the ability to secure the platform with a login infrastructure. Lotus would prefer that the infrastructure be based on Java Authentication and Authorization Service (JAAS), with the intention of enabling Subject based permission checking in a later release.
As an implementation note, it would be nice to have a button somewhere (status bar?) with a key or lock drawn on it. After clicking this button, user would be presented with a login dialog. Also, JAAS should allow more sophisticated login modules (smartcards etc.) to be used instead. Once the base functionality is implemented, it will open some rather interesting areas for investigation: - using OS login information / single login - managing user capabilities based on the login credentials
Is anything planned for 3.3 ?
no, unfortunately the contribution did not come through in time. We are hopeful for 3.4
Marking as plan.
Moving to Security component
Is this addressed in 3.4 already ?
Not really. The 3.4 contains adaptation of the JAAS framework for OSGi bundles world, and some initial bits of infrastructure but there is no code yet (neither a complete architecture) to obtain user's credentials.
Clarifying Oleg's comments.... The support for JAAS - in terms of extension-point based contribution, factories and an event model - is in place. This is good progress, and gives people something to play with and test out. Going forward, we do need to make some ubiquitous support for asking 'who am I?' in any context. This will require wiring into the application lifecycle and dealing with the complexity of client threading models. This is 3.4+ work. I'd call this one closed, and use this one: https://bugs.eclipse.org/bugs/show_bug.cgi?id=218998 For future integration into the runtime.
closing as fixed then. Future work is tracked by bug 218998