incubator-clerezza-dev mailing list archives

From Henry Story <henry.st...@bblfish.net>
Subject proposal: AuthenticationMethod.authenticate(Request request) return Subject
Date Mon, 28 Mar 2011 22:12:51 GMT

Currently AuthenticationMethod.authenticate(Request request) returns String.

   It would make more sense if it could return a Subject [1]. This would allow the object returned to be a lot richer. For example:

   (a) A Subject can contain a number of credentials and a number of Principals. Each principal would be a WebID. Some WebIDs might take time to be verified, so they could appear in the Subject at a later time.

   (b) A Subject can also contain credentials. In fact X509 certificates should be the prototypical public credential.

   (c) Credentials can be any object, but clearly one could wrap an X509certificate with an isCurrent() method to test if the certificate is still valid. It would also allow X509certs to be destroyed, which could then perhaps throw TLS exceptions... to be looked into.


Question: How does TLS authentication relate to the LoginContext? It seems that it works for Kerberos

 http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
   

Henry

[1] http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject


Social Web Architect
http://bblfish.net/
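
An added sketch of the proposal in Java, not part of the original message and not Clerezza code: `WebIdPrincipal`, `X509Credential` and `subjectFor` are hypothetical names, while `Subject`, `Refreshable` and `Destroyable` are the standard `javax.security.auth` types. It takes the path of a certificate file as its argument, and the WebID is a constructed value.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.Principal;
import java.security.cert.*;
import javax.security.auth.*;

public class SubjectSketch {
    /** Hypothetical principal: one verified WebID. */
    record WebIdPrincipal(URI webId) implements Principal {
        public String getName() { return webId.toString(); }
    }

    /** Hypothetical wrapper for point (c): a certificate with isCurrent() and destroy(). */
    static final class X509Credential implements Refreshable, Destroyable {
        private X509Certificate cert;
        X509Credential(X509Certificate cert) { this.cert = cert; }
        public boolean isCurrent() {
            if (cert == null) return false;              // destroyed
            try { cert.checkValidity(); return true; }   // notBefore <= now <= notAfter
            catch (CertificateException e) { return false; }
        }
        public void refresh() throws RefreshFailedException {
            throw new RefreshFailedException("client certificates are not renewed by the server");
        }
        public void destroy() { cert = null; }
        public boolean isDestroyed() { return cert == null; }
    }

    /** What authenticate(Request) could hand back instead of a String. */
    static Subject subjectFor(X509Certificate clientCert, URI... verifiedWebIds) {
        Subject subject = new Subject();
        subject.getPublicCredentials().add(new X509Credential(clientCert));   // point (b)
        for (URI id : verifiedWebIds)                                        // point (a)
            subject.getPrincipals().add(new WebIdPrincipal(id));
        return subject;   // slower WebID checks can add principals to the same set later
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {   // PEM or DER certificate file
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            Subject s = subjectFor(cert, URI.create("https://example.org/card#me")); // constructed WebID
            X509Credential cred = s.getPublicCredentials(X509Credential.class).iterator().next();
            System.out.println(s.getPrincipals() + " current=" + cred.isCurrent());
            cred.destroy();
            System.out.println("after destroy: current=" + cred.isCurrent());
        }
    }
}
```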

