[higgins-dev] STS Question About ISecurityInformation interface

Mike,

We have a question concerning the way security information is passed through the STS down to the TokenHandler objects.

We need to handle the following kinds of credentials/security tokens:
 1) Username - Password
 2) PPID + Public Key
 3) User defined custom tokens

The current Higgins code explicitly supports 1 and 2.  It appears to us that the STS also intends to support 3 through the following methods:

package org.eclipse.higgins.sts.api;

public interface ISecurityInformation
{
....
	public abstract java.util.List getSecurityTokenList();
	
	public abstract void addSecurityToken(IElement elemToken);
}

We want to verify with you that this is your intent.  Any credential type not recognized could be placed in this list and passed to handlers for processing.  The STS does not currently do this, but it seems that it could/should.

We were also wondering about whether the ISecurityInformation couldn't be entirely replaced with a simple Map object.  Instead of having specific methods for getUsernameToken, setUsernameToken, getModulus, setModulus, etc. we could simply use the Map object's set/get methods and define specific key strings for things like username, modulus, etc.  It would also be very useful if the map had a way to set/get the "kind of" credential.  Something like this might make it easier to implement custom credential types.

This would also make it easier to extend when you get around to handling Kerberos and X509 credentials.

What do you think?

Thank you,

Daniel Sanders
Stuart Jensen
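
Added example, not part of the original message and not Higgins code: a sketch of the Map-based credential container proposed above, with a "kind" entry used to select a handler. The key strings, the Handler interface, the kind names and the sample values are all hypothetical. It shows the check a plain Map needs that typed getters gave for free: reject unknown kinds and missing or mistyped keys before any handler runs.

```java
import java.util.*;

public class CredentialMapSketch {
    // Hypothetical key strings; the post only proposes that such keys be defined.
    static final String KIND = "kind", USERNAME = "username", PASSWORD = "password",
                        PPID = "ppid", MODULUS = "modulus";

    /** Hypothetical handler contract: declares the keys it needs, then processes the map. */
    interface Handler {
        Set<String> requiredKeys();
        String handle(Map<String, Object> cred);
    }

    static final Map<String, Handler> HANDLERS = new HashMap<>();

    static void register(String kind, Set<String> required) {
        HANDLERS.put(kind, new Handler() {
            public Set<String> requiredKeys() { return required; }
            // Report only the kind; never echo secret values such as the password.
            public String handle(Map<String, Object> c) { return "accepted kind=" + c.get(KIND); }
        });
    }

    /** Dispatch on the "kind of" credential; fail closed on unknown kinds or missing keys. */
    static String dispatch(Map<String, Object> cred) {
        Object kind = cred.get(KIND);
        Handler h = (kind instanceof String) ? HANDLERS.get(kind) : null;
        if (h == null) return "rejected: no handler for kind " + kind;
        for (String key : h.requiredKeys())
            if (!(cred.get(key) instanceof String)) // a Map gives no compile-time typing
                return "rejected: missing or mistyped key " + key;
        return h.handle(cred);
    }

    public static void main(String[] args) {
        register("username-password", Set.of(USERNAME, PASSWORD));
        register("ppid-publickey", Set.of(PPID, MODULUS));
        register("custom-badge", Set.of("badgeId")); // constructed user-defined kind

        Map<String, Object> ok = new HashMap<>();    // constructed sample values
        ok.put(KIND, "username-password"); ok.put(USERNAME, "alice"); ok.put(PASSWORD, "s3cret");
        Map<String, Object> partial = new HashMap<>(); // modulus deliberately left out
        partial.put(KIND, "ppid-publickey"); partial.put(PPID, "constructed-ppid");
        Map<String, Object> unknown = new HashMap<>(); // no handler registered for this kind
        unknown.put(KIND, "kerberos");

        System.out.println(dispatch(ok));
        System.out.println(dispatch(partial));
        System.out.println(dispatch(unknown));
    }
}
```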



