RE: [higgins-dev] JAAS Scenario

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

RE: [higgins-dev] JAAS Scenario

From: Anthony Nadalin <drsecure@xxxxxxxxxx>
Date: Wed, 19 Apr 2006 17:22:38 -0500
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <http://eclipse.org/pipermail/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>

The JAAS subject is a container of Principals and Credentials, thus I see the JAAS subject as the context in which the principals reside,

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Nataraj Nagaratnam/Raleigh/IBM@IBMUS

Nataraj Nagaratnam/Raleigh/IBM@IBMUS

Sent by: higgins-dev-bounces@xxxxxxxxxxx

04/19/2006 05:19 PM

Please respond to
"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>

To	"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
cc	"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>, higgins-dev-bounces@xxxxxxxxxxx
Subject	RE: [higgins-dev] JAAS Scenario

Wouldn't JAAS Subject be a representation of a Digital Identity? Ofcourse, that digital identity would be based on digital subject(s) information.

browser->web application server ->jaas login module->create jaas subject (digital identity for target context)-> create jaas principals and credentials (using data in digital subjects) -> call higgin to obtain info on digital subjects

Anthony Nadalin/Austin/IBM@IBMUS
Sent by: higgins-dev-bounces@xxxxxxxxxxx

04/19/2006 05:55 PM

Please respond to
"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>

To	"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
cc
Subject	RE: [higgins-dev] JAAS Scenario

OK, so based upon the response, looks like there may be a RCP tie here and there may not. So adding RCP adds to the adds to the mix. As there would need to be a framework to bridge core JAAS and the Eclipse RCP. The benefits being the ability to provided login configurations and login modules in plugins(bundles), more easily contribute login modules, add a series of login events to the RCP, and provide the concept of a "platform" login to the RCP.

So I believe that the IBM RCP team has done the above but has not contributed it to RCP project yet. So how important is RCP ?

So I agree that we should add a JAAS/PAM box parallel level to “Other RCP Apps” or just as another box for "Java Applications"

My team owns the JAAS code for the JDK so we could help out here, I just need to understand the scenario but the scenario I see is the following:

browser->web application server->jaas login module->create jaas subject (context)-> create jaas principal (digital subject) -> call higgings to populate the principal objects (HTags)

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>

"Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>
Sent by: higgins-dev-bounces@xxxxxxxxxxx

04/19/2006 04:10 PM

Please respond to
"Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>

To	"'Higgins (Trust Framework) Project developer discussions'" <higgins-dev@xxxxxxxxxxx>
cc
Subject	RE: [higgins-dev] JAAS Scenario

My understanding of JAAS is shallow. I think we need to create a LoginContext that sits above Higgins API as a client. Then, we need to create a root context provider impl that uses the JAAS KeyStore. After that things get really fuzzy for me. I pinged one of the Lotus Workspace folks who knows JAAS to ask if he’d help us think this through but I didn’t hear back. I guess in a sense we would be using a JAAS LoginContext to wrap Higgins that in turn contained H-Tags. Must learn JAAS better. I did realize one thing the other day: I think we should add a JAAS LoginContext box to this picture: http://spwiki.editme.com/ArchitectureM4 at a parallel level to “Other RCP Apps”.

So one of the scenarios that comes up is the integration of JAAS with Higgins, so JAAS has the notion of LoginModules, these modules are responsible for creating Subject and Principal objects and maybe Credential objects based upon the authentication. So is the driving force being able to use JAAS to wrapper HTags or something else ?

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122_______________________________________________ higgins-dev mailing list higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev_______________________________________________ higgins-dev mailing list higgins-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/higgins-dev_______________________________________________ higgins-dev mailing list higgins-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/higgins-dev

Follow-Ups:
- RE: [higgins-dev] JAAS Scenario
  - From: Jim Sermersheim

References:
- RE: [higgins-dev] JAAS Scenario
  - From: Nataraj Nagaratnam

Prev by Date: RE: [higgins-dev] JAAS Scenario
Next by Date: [higgins-dev] STS Requirements
Previous by thread: RE: [higgins-dev] JAAS Scenario
Next by thread: RE: [higgins-dev] JAAS Scenario
Index(es):
- Date
- Thread

Breadcrumbs