[news.eclipse.technology.etf] Re: Identity management

[Christophe Elek <celek@xxxxxxxxxx>]

"Jay R." <jrosenth@xxxxxxxxxxxxxxxx> wrote in
news:csh2c6$khb$1@xxxxxxxxxxxxxxx: 

> Thanks Chris.
> 
> Now I understand conceptually where you're coming from.
> 
> Technically there's no reason why a single file/database cannot be
> "all" these things.  Though for security reasons you may not want them
> to be. 
> 
> So you see the "credential vault" constaining such things as
> username/password pairs used to connect to different servers ?  For
> example the Mozilla.Firefox refer to this as their "Password Manager".
> 
> Have a look at:
> http://dev.eclipse.org/viewcvs/indextech.cgi/~checkout~/equinox-home/se
> curity/index.html for some work ramping up on many security aspects of
> Eclipse and RCP. 
> 
> Jay R.
> IBM Software Group
> Workplace, Portal and Collaboration Software, Security

Hey Jay
Actually, conceptually , and I may be wrong
I see an authentication database, which contains data so I can be 
authenticated (my finger print, my retina, my card, my userid/password)

and I see a 'credential' database (I know who you are, now what can you do)
I understand they are 'generally' the same (Example you can put 
userid/password and some data in LDAP) but they may not

I also authorization may be done on the user (and usually it is: see J2EE 
role mapping or JAAS)
but it may not, Let's say I prevent the user from entering if she/he has 
bad breath today ! :) This is computed dynamically.

-- 
Christophe Elek
Complex and difficult problem resolution specialist
IBM Software Groupe - Support
Eclipse Project - Update Core