[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [higgins-dev] [IdAS] Context open/close semantics
|
Based on recent email and phone discussions, here's take two. I believe
the only unresolved issue is the need for retrieving the identity from
an open Context.
--------------------------
(1) An open Context represents a binding between a client (specified by
the identity in the open() call) and the data published by the Context.
A successful open operation implies that the identity is authenticated
and that the client will be allowed to access Context data, subject to
the Context's access control policy. (OPEN ISSUE: There is no API for
determining the identity of the client that opened a Context.)
(2) The following Context methods require a Context to be open:
getSubject, getSubjects, createSubject, removeSubject,
verifySubjectAttributes, updateSubject, exportData, importData. Calls
to these methods on a non-open Context will result in a
ContextNotOpenException.
(3) The close operation returns the Context instance to an unopened
state, as if the Context were newly-created.
(4) Performing an open on an open Context results in a
ContextOpenException. (NOTE: This is true even if the Context is
re-opened with the same identity. There is no requirement to save the
passed-in identity as is, so the Context may not be able to determine
whether the new identity and the bound identity is equivalent.)