incubator-clerezza-dev mailing list archives

From Henry Story <henry.st...@bblfish.net>
Subject Re: proposal: AuthenticationMethod.authenticate(Request request) return Subject
Date Tue, 29 Mar 2011 09:03:12 GMT
Looking around in the code to see how this method is used I found:

 - that it is implemented by:
   + BasicAuthentication
   + CookieAuthentication
   + FoafSslAuthentication
 
 - the method is called by
   AuthenticatingFilter.handle(Request, Response)

  It does not therefore make sense to have two different methods, because the point of these
implementations is to hide behind the interface so that AuthenticatingFilter can proceed without
knowledge of the impl.

   What I will do is work on a branch here, and see how far I get by changing the method as
proposed.
It may be after all that on embarking on this I find something else that does not work, or
that is problematic, or simply that what I was hoping to achieve does not work anyway. 

   I think we could say there was success if we could get someone who had been logged in with
WebID to
also log in with username/password and use that to help tie a WebId to an existing account.
If I don't implement something like that, at least I'll see if it works.

	Henry

On 29 Mar 2011, at 10:40, Tsuyoshi Ito wrote:

> Hi
> 
> +1 for Tommaso's suggestion.
> 
> cheers
> tsuy
> 
> On Tue, Mar 29, 2011 at 10:00 AM, Tommaso Teofili
> <tommaso.teofili@gmail.com> wrote:
>> I'd like more to have separate methods, not to pass over the String
>> returning one; for example exposing:
>>  AuthenticationMethod.authenticateWithSubject(Request request)
>> which returns a Subject sounds good to me.
>> Cheers,
>> Tommaso
>> 
>> 2011/3/29 Henry Story <henry.story@bblfish.net>
>> 
>>> 
>>> currently AuthenticationMethod.authenticate(Request request)  returns
>>> String
>>> 
>>>   It would make more sense if it could return a Subject [1]. This would
>>> allow the object returned to be a lot richer. For example
>>> 
>>>   (a) A Subject can contain a number of credentials and a number of
>>> Principals. Each principal would
>>>       be a WebID. Some WebIDs might take time to be verified, so they could
>>> appear in the Subject at a
>>>       later time.
>>> 
>>>   (b) A Subject can also contain credentials. In fact X509 certificates
>>> should be the prototypical public credential.
>>> 
>>>   (c) Credentials can be any object, but clearly one could wrap an
>>> X509certificate with an isCurrent() method to test if the certificate is
>>> still valid. It would also allow X509certs to be destroyed, which could then
>>> perhaps throw TLS exceptions... to be looked into.
>>> 
>>> 
>>> Question: How does TLS authentication relate to the LoginContext? It seems
>>> that it works for Kerberos
>>> 
>>> 
>>> http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
>>> 
>>> 
>>> Henry
>>> 
>>> [1]
>>> http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject
>>> 
>>> 
>>> Social Web Architect
>>> http://bblfish.net/
>>> 
>>> 
>> 
> 
> 
> 
> -- 
> --trialox ag--------------------------------------
> 
> Tsuyoshi Ito
> Binzmuehlestrasse 14
> CH-8050 Zürich
> Tel. +41 44 635 75 77
> URL: http://trialox.org

Social Web Architect
http://bblfish.net/
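As an added sketch (not Clerezza code, and not from anyone on this thread), here is what points (a) to (c) of the proposal could look like on the standard JAAS Subject API; the WebIdPrincipal, X509Credential and SubjectBuilder names are hypothetical, and the caller is assumed to have already verified each WebID against the client certificate.

```java
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.Subject;

/** Hypothetical Principal: one verified WebID URI (point (a) of the proposal). */
final class WebIdPrincipal implements Principal {
    private final String webId;
    WebIdPrincipal(String webId) { this.webId = webId; }
    @Override public String getName() { return webId; }
    @Override public boolean equals(Object o) {
        return o instanceof WebIdPrincipal && webId.equals(((WebIdPrincipal) o).webId);
    }
    @Override public int hashCode() { return webId.hashCode(); }
}

/** Hypothetical credential wrapper: the client certificate plus the isCurrent() check from point (c). */
final class X509Credential {
    private final X509Certificate cert;
    X509Credential(X509Certificate cert) { this.cert = cert; }
    /** True while the certificate's validity period covers the current time. */
    boolean isCurrent() {
        try { cert.checkValidity(); return true; }     // throws if expired or not yet valid
        catch (CertificateException e) { return false; }
    }
}

/** What a Subject-returning authenticate(...) could hand back to AuthenticatingFilter. */
final class SubjectBuilder {
    /** Assumes the caller has already verified each WebID against the certificate's public key. */
    static Subject fromVerifiedWebIds(X509Certificate clientCert, Set<String> verifiedWebIds) {
        Subject subject = new Subject();
        // Several WebIDs can sit on one Subject; more can be added later as they are verified.
        for (String id : verifiedWebIds) subject.getPrincipals().add(new WebIdPrincipal(id));
        // The certificate is public information, so it goes in the public credential set (point (b)).
        subject.getPublicCredentials().add(new X509Credential(clientCert));
        return subject;
    }

    /** A filter can decide whether the login is still good from the Subject alone. */
    static boolean hasCurrentCertificate(Subject subject) {
        for (X509Credential c : subject.getPublicCredentials(X509Credential.class)) {
            if (c.isCurrent()) return true;
        }
        return false;
    }
}
```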

