> So the STS should not be dependent on IdAS, thus we should not have IdAS Registry be the only way to configure the Context

STS does not depend on IdAS directly. The talk is about DigitalIdentityHandler, an STS extension that is used to get claim values stored within IdAS CP. We need to be able to use this extension with any implementation of IdAS CP.
Thanks, Sergey Lyakhov
----- Original Message -----
Sent: Wednesday, July 25, 2007 11:17 PM
Subject: Re: [higgins-dev] STS profile problems
So the STS should not be dependent on IdAS, thus we should not have IdAS Registry be the only way to configure the Context
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
"Sergey Lyakhov" ---07/25/2007 03:07:20 PM---
Hello,
We need to be able to use any implementation of IdAS context to manage STS user profile. We are going to implement a new user profile plugin (like org.eclipse.higgins.sts.server.profile) which will use any implementation of IdAS context and perform all operations (including profile creation) using IdAS methods (now LDAP is directly used to create/modify a profile). However, we have the following problems with DigitalIdentityHandler:
1. DigitalIdentityHandler is implemented to use the peculiarity of JNDI CP - each context contains a single digital subject and the subject ID is returned by the IContext.open() method. I think we should not use this peculiarity anywhere. Moreover, I think IContext.open() should return nothing (void). Perhaps, in case of JNDI CP it will be more convenient to always return its single subject for any value of passed subjectID. In other words, JNDI IContext.getSubject(String subjectID) should always return the same subject for any passed subjectID, even for null.
2. To find the appropriate DigitalSubject, we need its subjectID. So, CardID should contain both contextRef and subjectID (subjectID will be missing for JNDI provider).
3. In case of SelfSigned cards, cardID should also contain contextRef + subjectID (now it contains IssuerID of selfIssued cards).
4. Perhaps, STS should not use DefaultContextRef. It should be a problem of IdASRegistry to initialize any ContextFactory and find the required context.
Thanks, Sergey Lyakhov
_______________________________________________ higgins-dev mailing
list higgins-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/higgins-dev