Re: [higgins-dev] JAAS Scenario
Yea, what I was trying to get at is
that... is to line up with lexicon/terminology... and relationship between
JAAS Subject, JAAS Principal, Higgins DigitalSubject, digital identity,
identifiers.
So, if we treat 'runtime' representation
as 'digital identity' whereas data in data store is 'digital subject'.
Thus JAAS Subject is a Java binding/representation of digital identity,
that is based on data about the subjects from IdAS. This is similar
to what would be security tokens being representation of digital identity,
issued by STS, which uses an IdAS to get the attribute info.
Scott Lewis <slewis@xxxxxxxxxxxxx>
Sent by: higgins-dev-bounces@xxxxxxxxxxx
04/19/2006 06:48 PM
Please respond to: "Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
To: "Higgins (Trust Framework) Project developer discussions" <higgins-dev@xxxxxxxxxxx>
cc:
Subject: Re: [higgins-dev] JAAS Scenario
Hi All,
Subjects have a one-to-many relationship with named Principals...that is...one
authenticated Subject (user/service, etc.) can/has multiple identities/Principals
of different types (all implement Principal interface). So, a Higgins
LoginModule would create any number of Principals, and assign them (along
with any desired credentials) to the authenticated Subject as part of the
login process (along with assigning public and private credentials to the
Subject as well).
Then, after login any code that wanted/needed to get access/use these Principals
could/would call:
subject.getPrincipals() or subject.getPrincipals(Class higginsclass),
So Principals can be used to represent a variety of concepts (e.g. groups,
roles, etc)...all must be uniquely named (the basic contract of Principal).
Scott
Nataraj Nagaratnam wrote:
Wouldn't JAAS Subject be a representation of a Digital Identity? Of course,
that digital identity would be based on digital subject(s) information.
browser->web application server ->jaas login module->create jaas
subject (digital identity for target context)-> create jaas principals
and credentials (using data in digital subjects) -> call higgins
to obtain info on digital subjects
OK, so based upon the response, looks like there may be a RCP tie here
and there may not. So adding RCP adds to the mix. As there
would need to be a framework to bridge core JAAS and the Eclipse RCP. The
benefits being the ability to provide login configurations and login modules
in plugins(bundles), more easily contribute login modules, add a series
of login events to the RCP, and provide the concept of a "platform"
login to the RCP.
So I believe that the IBM RCP team has done the above but
has not contributed it to RCP project yet. So how important is RCP?
So I agree that we should add a JAAS/PAM box parallel level
to “Other RCP Apps” or just as another box for "Java Applications"
My team owns the JAAS code for the JDK so we could help
out here, I just need to understand the scenario but the scenario I see
is the following:
browser->web application server->jaas login module->create
jaas subject (context)-> create jaas principal (digital subject) ->
call higgins to populate the principal objects (HTags)
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Paul
Trevithick" <paul@xxxxxxxxxxxxxxxxx>
My understanding of JAAS is shallow. I think we need to create a LoginContext
that sits above Higgins API as a client. Then, we need to create a root
context provider impl that uses the JAAS KeyStore. After that things get
really fuzzy for me. I pinged one of the Lotus Workspace folks who knows
JAAS to ask if he’d help us think this through but I didn’t hear back.
I guess in a sense we would be using a JAAS LoginContext to wrap Higgins
that in turn contained H-Tags. Must learn JAAS better. I did realize one
thing the other day: I think we should add a JAAS LoginContext box to this
picture: http://spwiki.editme.com/ArchitectureM4
at a parallel level to “Other RCP Apps”.
So one of the scenarios that comes
up is the integration of JAAS with Higgins, so JAAS has the notion of LoginModules,
these modules are responsible for creating Subject and Principal objects
and maybe Credential objects based upon the authentication. So is the driving
force being able to use JAAS to wrapper HTags or something else?
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
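The Subject-to-many-Principals relationship and the `subject.getPrincipals(Class)` lookup described in the thread, as an added example that is not part of the original messages or of Higgins code. `PrincipalsDemo`, `DemoLoginModule`, `UserPrincipal` and `RolePrincipal` are hypothetical names, the user and role values are constructed stand-ins for data an identity store would supply, and Java 16 or later is assumed for records.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class PrincipalsDemo {
    // Hypothetical Principal types (illustrative names, not Higgins classes).
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    public static class DemoLoginModule implements LoginModule {
        private Subject subject;
        private final Set<Principal> pending = new HashSet<>();
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            subject = s;
        }
        public boolean login() {
            // Constructed data standing in for attributes an identity store would return.
            pending.addAll(List.of(new UserPrincipal("alice"),
                    new RolePrincipal("auditor"), new RolePrincipal("developer")));
            return true;
        }
        // Principals are attached in commit(), after the overall login has succeeded.
        public boolean commit() { subject.getPrincipals().addAll(pending); return true; }
        public boolean abort() { pending.clear(); return true; }
        public boolean logout() { subject.getPrincipals().removeAll(pending); return true; }
    }

    public static void main(String[] args) throws LoginException {
        // In-memory JAAS configuration so no external login config file is needed.
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        LoginContext lc = new LoginContext("demo", null, null, cfg);
        lc.login();
        Subject subject = lc.getSubject();
        System.out.println("all:   " + subject.getPrincipals());
        System.out.println("roles: " + subject.getPrincipals(RolePrincipal.class));
        lc.logout();
    }
}
```

Because `Subject.getPrincipals()` is a `Set`, each Principal type needs value-based `equals`/`hashCode` (records provide this) so that `logout()` removes exactly what `commit()` added.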