RE: [higgins-dev] JAAS Scenario

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

RE: [higgins-dev] JAAS Scenario

From: "Mike Milinkovich" <mike.milinkovich@xxxxxxxxxxx>
Date: Fri, 21 Apr 2006 15:28:30 -0400
Delivered-to: higgins-dev@xxxxxxxxxxx
List-archive: <http://eclipse.org/pipermail/higgins-dev>
List-help: <mailto:higgins-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/higgins-dev>, <mailto:higgins-dev-request@eclipse.org?subject=unsubscribe>
Organization: Eclipse Foundation, Inc.
Thread-index: AcZj/ArrlKypXgV9RT64Ie62dxworgAxsphwACwqyBA=

I agree that Brian has identified two key use cases. The general case about
making RCP more fully featured for enterprise applications is certainly
right on the mark.
 
In my mind asking "How important is RCP?" is somewhat akin to asking "How
important does Higgins want to be to Eclipse?"
 
There will be a security framework for RCP. If it is not Higgins, then it
will be another one. If Higgins is there first, it will very likely be used.
If Higgins decides to not do it, there is a higher probability that Higgins
will have limited utility to other projects within Eclipse community. (Of
course, if Equinox is already planning on building a JAAS mechanism and
release it as part of Equinox, that changes the conversation. But AFAIK,
that's not the case.)
 
With respect to Tony's comment: "So I believe that the IBM RCP team has done
the above but has not contributed it to RCP project yet. So how important is
RCP ?"
 
I really don't know how to respond to that. There is a ton of code that is
based on Eclipse within IBM which, for various sound business reasons, IBM
has chosen to not open source. That is clearly IBM's perogative. But I
really don't think that it implies much about the relevancy of RCP to
Higgins or vice versa.
 
I want to make it clear that my opinion does not matter. The Foundation does
not tell projects what to do, and whatever you decide is fine with us. I
just thought that I would let you know how I see the situation.
 
Mike Milinkovich
Executive Director,
Eclipse Foundation, Inc.
Office: 613-224-9461 x228
Cell: 613-220-3223
mike.milinkovich@xxxxxxxxxxx
 
blog: http://milinkovich.blogspot.com/
 



  _____  

From: higgins-dev-bounces@xxxxxxxxxxx
[mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Brian Carroll
Sent: April 20, 2006 5:57 PM
To: Higgins (Trust Framework) Project developer discussions
Subject: RE: [higgins-dev] JAAS Scenario


Regarding: "How important is RCP?", I see two use cases:
 
1. For industries such as the medical profession, where professionals in an
office tend to log on to an application, do some work, and log off many
times during the day (i.e., the workstations are shared, not dedicated to an
individual), and there need to be some authentication and traceability of
who did what.  The Eclipse Healthcare project has that requirement, and I
believe there is a lot of interest in building such healthcare applications
on top of RCP.  To generalize this line of thinking, industries have looked
at RCP and decided it is a solid potential platform to build applications
on, except that it needs "enterprise -class" capabilities, such as security.
Adding JAAS would make RCP much more acceptable to be used for "enterprise"
applications.
 
2. For developer tools that operate in an environment where security and
auditability is important.  An example is ALF, where Eclipse-based tools
should know who is operating the tool. If JAAS is incorporated into RCP, a
consequence is that JAAS will be available to Eclipse plug-in-based tools.
 
Brian
Brian Carroll
Serena Fellow
Serena
(ofc)  (503) 617-2436
(cell)  (503) 318-2017
bcarroll@xxxxxxxxxx 
 

  _____  

From: higgins-dev-bounces@xxxxxxxxxxx
[mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Anthony Nadalin
Sent: Wednesday, April 19, 2006 2:56 PM
To: Higgins (Trust Framework) Project developer discussions
Subject: RE: [higgins-dev] JAAS Scenario



OK, so based upon the response, looks like there may be a RCP tie here and
there may not. So adding RCP adds to the adds to the mix. As there would
need to be a framework to bridge core JAAS and the Eclipse RCP. The benefits
being the ability to provided login configurations and login modules in
plugins(bundles), more easily contribute login modules, add a series of
login events to the RCP, and provide the concept of a "platform" login to
the RCP. 


So I believe that the IBM RCP team has done the above but has not
contributed it to RCP project yet. So how important is RCP ? 


So I agree that we should add a JAAS/PAM box parallel level to "Other RCP
Apps" or just as another box for "Java Applications" 


My team owns the JAAS code for the JDK so we could help out here, I just
need to understand the scenario but the scenario I see is the following: 


browser->web application server->jaas login module->create jaas subject
(context)-> create jaas principal (digital subject) -> call higgings to
populate the principal objects (HTags) 



Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx>"Paul
Trevithick" <paul@xxxxxxxxxxxxxxxxx>






	"Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx> 
Sent by: higgins-dev-bounces@xxxxxxxxxxx 

	04/19/2006 04:10 PM 

	

	Please respond to
"Higgins (Trust Framework) Project developer discussions"
<higgins-dev@xxxxxxxxxxx>




To

"'Higgins (Trust Framework) Project developer discussions'"
<higgins-dev@xxxxxxxxxxx>	



cc

	



Subject

RE: [higgins-dev] JAAS Scenario	
	 	

My understanding of JAAS is shallow. I think we need to create a
LoginContext that sits above Higgins API as a client. Then, we need to
create a root context provider impl that uses the JAAS KeyStore. After that
things get really fuzzy for me. I pinged one of the Lotus Workspace folks
who knows JAAS to ask if he'd help us think this through but I didn't hear
back. I guess in a sense we would be using a JAAS LoginContext to wrap
Higgins that in turn contained H-Tags. Must learn JAAS better. I did realize
one thing the other day: I think we should add a JAAS LoginContext box to
this picture:  <http://spwiki.editme.com/ArchitectureM4>
http://spwiki.editme.com/ArchitectureM4 at a parallel level to "Other RCP
Apps".


So one of the scenarios that comes up is the integration of JAAS with
Higgins, so JAAS has the notion of LoginModules, these modules are
responsible for creating Subject and Principal objects and maybe Credential
objects based upon the authentication. So is the driving force being able to
use JAAS to wrapper HTags or something else ?

Anthony Nadalin | Work 512.838.0085 | Cell
512.289.4122_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev





********************************************************************** 

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
Any unauthorized review, use, disclosure or distribution is prohibited. If
you are not the intended recipient, please contact the sender by reply
e-mail and destroy all copies of the original message.

Follow-Ups:
- RE: [higgins-dev] JAAS Scenario
  - From: Anthony Nadalin
- RE: [higgins-dev] JAAS Scenario
  - From: Paul Trevithick

References:
- RE: [higgins-dev] JAAS Scenario
  - From: Brian Carroll

Prev by Date: [higgins-dev] Notes from 8 pm ET 4/20/2006 Higgins conf call (2nd call)
Next by Date: RE: [higgins-dev] JAAS Scenario
Previous by thread: RE: [higgins-dev] JAAS Scenario
Next by thread: RE: [higgins-dev] JAAS Scenario
Index(es):
- Date
- Thread

Breadcrumbs