RE: [higgins-dev] JAAS Scenario

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

RE: [higgins-dev] JAAS Scenario

From: "Brian Carroll" <BCarroll@xxxxxxxxxx>
Date: Thu, 20 Apr 2006 14:56:32 -0700
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <http://eclipse.org/pipermail/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AcZj/ArrlKypXgV9RT64Ie62dxworgAxsphw
Thread-topic: [higgins-dev] JAAS Scenario

Regarding: "How important is RCP?", I see two use cases:
 
1. For industries such as the medical profession, where professionals in
an office tend to log on to an application, do some work, and log off
many times during the day (i.e., the workstations are shared, not
dedicated to an individual), and there need to be some authentication
and traceability of who did what.  The Eclipse Healthcare project has
that requirement, and I believe there is a lot of interest in building
such healthcare applications on top of RCP.  To generalize this line of
thinking, industries have looked at RCP and decided it is a solid
potential platform to build applications on, except that it needs
"enterprise -class" capabilities, such as security.  Adding JAAS would
make RCP much more acceptable to be used for "enterprise" applications.
 
2. For developer tools that operate in an environment where security and
auditability is important.  An example is ALF, where Eclipse-based tools
should know who is operating the tool. If JAAS is incorporated into RCP,
a consequence is that JAAS will be available to Eclipse plug-in-based
tools.
 
Brian
Brian Carroll
Serena Fellow
Serena
(ofc)  (503) 617-2436
(cell)  (503) 318-2017
bcarroll@xxxxxxxxxx 
 

________________________________

From: higgins-dev-bounces@xxxxxxxxxxx
[mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Anthony Nadalin
Sent: Wednesday, April 19, 2006 2:56 PM
To: Higgins (Trust Framework) Project developer discussions
Subject: RE: [higgins-dev] JAAS Scenario



OK, so based upon the response, looks like there may be a RCP tie here
and there may not. So adding RCP adds to the adds to the mix. As there
would need to be a framework to bridge core JAAS and the Eclipse RCP.
The benefits being the ability to provided login configurations and
login modules in plugins(bundles), more easily contribute login modules,
add a series of login events to the RCP, and provide the concept of a
"platform" login to the RCP. 

So I believe that the IBM RCP team has done the above but has not
contributed it to RCP project yet. So how important is RCP ? 

So I agree that we should add a JAAS/PAM box parallel level to "Other
RCP Apps" or just as another box for "Java Applications" 

My team owns the JAAS code for the JDK so we could help out here, I just
need to understand the scenario but the scenario I see is the following:


browser->web application server->jaas login module->create jaas subject
(context)-> create jaas principal (digital subject) -> call higgings to
populate the principal objects (HTags) 


Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
 "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>




				"Paul Trevithick"
<paul@xxxxxxxxxxxxxxxxx> 
				Sent by: higgins-dev-bounces@xxxxxxxxxxx


				04/19/2006 04:10 PM 
	
	Please respond to
"Higgins (Trust Framework) Project developer discussions"
<higgins-dev@xxxxxxxxxxx>

 

To

"'Higgins (Trust Framework) Project developer discussions'"
<higgins-dev@xxxxxxxxxxx>	


cc

	


Subject

RE: [higgins-dev] JAAS Scenario	
	 	

My understanding of JAAS is shallow. I think we need to create a
LoginContext that sits above Higgins API as a client. Then, we need to
create a root context provider impl that uses the JAAS KeyStore. After
that things get really fuzzy for me. I pinged one of the Lotus Workspace
folks who knows JAAS to ask if he'd help us think this through but I
didn't hear back. I guess in a sense we would be using a JAAS
LoginContext to wrap Higgins that in turn contained H-Tags. Must learn
JAAS better. I did realize one thing the other day: I think we should
add a JAAS LoginContext box to this picture: 
http://spwiki.editme.com/ArchitectureM4
<http://spwiki.editme.com/ArchitectureM4>  at a parallel level to "Other
RCP Apps".


So one of the scenarios that comes up is the integration of JAAS with
Higgins, so JAAS has the notion of LoginModules, these modules are
responsible for creating Subject and Principal objects and maybe
Credential objects based upon the authentication. So is the driving
force being able to use JAAS to wrapper HTags or something else ?

Anthony Nadalin | Work 512.838.0085 | Cell
512.289.4122_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev



**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

Follow-Ups:
- RE: [higgins-dev] JAAS Scenario
  - From: Mike Milinkovich

Prev by Date: RE: [higgins-dev] STS Requirements
Next by Date: [higgins-dev] Notes from 5pm ET 4/20/2006 Higgins conf call
Previous by thread: RE: [higgins-dev] JAAS Scenario
Next by thread: RE: [higgins-dev] JAAS Scenario
Index(es):
- Date
- Thread

Breadcrumbs