[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[higgins-dev] Two proposed IdAS changes

1) We have a need for an IdAS consumer to be able to open a context using some authN materials, and then read the attributes of the DS representing the identity in the authN materials used to open the context. These authN materials don't contain the cuid of the DS. They may or may not contain attributes which could be used to search for the DS but this can't be relied on. Therefore, we propose that IContext.open return a String which is the cuid of the DS representing the identity in the authN materials used to open the context (if any). The string may be null when the identity is not represented by any specific DS in the context.

Existing CP's and IdAS consumers would need to be updated for this change.

2) We realized the current AuthNNamePasswordMaterials can be seen as similar to other kinds of AuthNMaterials. One thing many different kinds of AuthNMaterials seem to have in common is that they contain a set of properties that identify the identity. The proposal is to do this:
public interface org.eclipse.higgins.idas.IAuthNPropertiesMaterials extends IHasProperties
public class org.eclipse.higgins.idas.impl.AuthNPropertiesMaterials extends BasicPropertySet implements IAuthNPropertiesMaterials
public class org.eclipse.higgins.idas.impl.AuthNNamePasswordMaterials extends AuthNPropertiesMaterials
public class org.eclipse.higgins.idas.impl.AuthNSelfIssuedMaterials extends AuthNPropertiesMaterials


Where AuthNNamePasswordMaterials and AuthNSelfIssuedMaterials have get/set methods for name/pw and ppid/publicKey repectively, and where the implementations store these values as properties.

This way a Context Provider can implement IContext.open by examining the class of the passed identity. If it's something specific like AuthNNamePasswordMaterials, it might know exactly what can be done with it. Failing that, it may discover that it implements IAuthNPropertiesMaterials and therefore, the property set may be interrogated in order to see if it constitutes a set of attributes which are suitable for describing an identity which can be used to open the context.

Existing CP's and IdAS consumers currently implementing or making use of org.eclipse.higgins.idas.AuthNNamePasswordMaterials would need to be updated for this change.

Jim