From: "David Pollak"
To: esme-dev@incubator.apache.org
Date: Tue, 6 Jan 2009 13:08:43 -0800
Subject: Re: Scrum call summary (authentication section)

Darren,

For now, I think it's an ESME solution. If I can generalize it, I'll back-port it to Lift.

Thanks,

David

On Tue, Jan 6, 2009 at 1:02 PM, Darren Hague wrote:

> As long as we can write such a plugin pretty quickly, then that sounds like
> a good solution.
>
> David - do you see this kind of pluggable authentication going back into
> Lift, or staying as part of ESME?
>
> It would be great if pluggable authentication made it into Lift, and was
> then simply integrated into ESME as a result. I'm happy to help out where
> I can (I know Java authentication & authorisation pretty well), but most
> Lift-related code is still pretty opaque to me, unfortunately.
>
> Cheers,
> Darren
>
> David Pollak wrote:
>
>> On Tue, Jan 6, 2009 at 12:05 PM, Daniel Koller wrote:
>>
>>> Hi,
>>>
>>> is it possible to standardize the interface from ESME to the servlet
>>> container:
>>
>> I'd strongly prefer not to do that. It's fine for the auth plugin to do
>> that, but this would mean that the container needs to support OpenID if an
>> ESME instance is to support OpenID.
>>
>>> There are two relevant API calls in HttpServletRequest (which get fed
>>> from the container where they run in)
>>>
>>> - getUserPrincipal()
>>> - isUserInRole()
>>>
>>> The main task would be that we in ESME rely on the results of these two
>>> calls (however there will be OpenID/NTLM etc. specific handling in a special
>>> JAAS module with special database tables)
>>>
>>> Kind regards,
>>>
>>> Daniel
>>>
>>> On Tue, Jan 6, 2009 at 8:45 PM, David Pollak wrote:
>>>
>>>> Darren,
>>>>
>>>> I'm going to split out the auth part of ESME. There will be a generic "auth
>>>> data" table that will contain generic information for authentication
>>>> schemes. Each scheme (and many schemes may be present simultaneously) will
>>>> write a row in the table.
>>>>
>>>> I'll write the openid plugin and you can write others.
>>>>
>>>> How does that sound?
>>>>
>>>> Thanks,
>>>>
>>>> David
>>>>
>>>> On Tue, Jan 6, 2009 at 10:51 AM, Darren Hague wrote:
>>>>
>>>>> Quick notes from the 1st part of the Scrum call today (Dick to produce
>>>>> notes from part 2).
>>>>>
>>>>> We need to look at auth approach, with JAAS preferred for J2EE
>>>>> container-based authentication & authorisation. This will give easy access
>>>>> to enterprise-based authentication systems. OpenID, while a good initial
>>>>> choice, is causing usability and technical problems and is of little
>>>>> relevance to the enterprise context.
>>>>>
>>>>> Daniel will look at removing the OpenID dependency from ESME (mostly by
>>>>> asking David and the rest of the Lift community)
>>>>> Darren will look at doing a JAAS/Lift sample app which can serve as the
>>>>> basis for JAAS auths in ESME, and of course can be contributed back to Lift.
>>>>>
>>>>> Cheers,
>>>>> Darren
>>>>
>>>> --
>>>> Lift, the simply functional web framework http://liftweb.net
>>>> Collaborative Task Management http://much4.us
>>>> Follow me: http://twitter.com/dpp
>>>> Git some: http://github.com/dpp
>>>
>>> --
>>> ---
>>> Daniel Koller
>>> Jahnstrasse 20
>>> 80469 München * dakoller@googlemail.com

--
Lift, the simply functional web framework http://liftweb.net
Collaborative Task Management http://much4.us
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp