[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[higgins-dev] Two proposed IdAS changes
- From: Jim Sermersheim <jimse@xxxxxxxxxx>
- Date: Tue, 09 Jan 2007 18:42:25 -0700
- Delivered-to: email@example.com
- User-agent: Thunderbird 18.104.22.168 (Windows/20061207)
1) We have a need for an IdAS consumer to be able to open a context
using some authN materials, and then read the attributes of the DS
representing the identity in the authN materials used to open the
context. These authN materials don't contain the cuid of the DS. They
may or may not contain attributes which could be used to search for the
DS but this can't be relied on. Therefore, we propose that
IContext.open return a String which is the cuid of the DS representing
the identity in the authN materials used to open the context (if any).
The string may be null when the identity is not represented by any
specific DS in the context.
Existing CP's and IdAS consumers would need to be updated for this change.
2) We realized the current AuthNNamePasswordMaterials can be seen as
similar to other kinds of AuthNMaterials. One thing many different
kinds of AuthNMaterials seem to have in common is that they contain a
set of properties that identify the identity. The proposal is to do this:
public interface org.eclipse.higgins.idas.IAuthNPropertiesMaterials
public class org.eclipse.higgins.idas.impl.AuthNPropertiesMaterials
extends BasicPropertySet implements IAuthNPropertiesMaterials
public class org.eclipse.higgins.idas.impl.AuthNNamePasswordMaterials
public class org.eclipse.higgins.idas.impl.AuthNSelfIssuedMaterials
Where AuthNNamePasswordMaterials and AuthNSelfIssuedMaterials have
get/set methods for name/pw and ppid/publicKey repectively, and where
the implementations store these values as properties.
This way a Context Provider can implement IContext.open by examining the
class of the passed identity. If it's something specific like
AuthNNamePasswordMaterials, it might know exactly what can be done with
it. Failing that, it may discover that it implements
IAuthNPropertiesMaterials and therefore, the property set may be
interrogated in order to see if it constitutes a set of attributes which
are suitable for describing an identity which can be used to open the
Existing CP's and IdAS consumers currently implementing or making use of
org.eclipse.higgins.idas.AuthNNamePasswordMaterials would need to be
updated for this change.