incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tommaso Teofili <tommaso.teof...@gmail.com>
Subject Re: proposal: AuthenticationMethod.authenticate(Request request) return Subject
Date Tue, 29 Mar 2011 08:00:00 GMT
I'd like more to have separate methods, not to pass over the String
returning one; for example exposing:
 AuthenticationMethod.authenticateWithSubject(Request request)
which returns a Subject sounds good to me.
Cheers,
Tommaso

2011/3/29 Henry Story <henry.story@bblfish.net>

>
> currently AuthenticationMethod.authenticate(Request request)  returns
> String
>
>   It would make more sense if it could return a Subject [1]. This would
> allow the object returned to be a lot richer. For example
>
>   (a) A Subject can contain a number of credentials and a number of
> Principals. Each principal would
>       be a WebID. Some WebIDs might take time to be verified, so they could
> appear in the Subject at a
>       later time.
>
>   (b) A Subject can also contain credentials. In fact X509 certificates
> should be the prototypical public credential.
>
>   (c) Credentials can be any object, but clearly one could wrap an
> X509certificate with an isCurrent() method to test if the certificate is
> still valid. It would also allow X509certs to be destroyed, which could then
> perhaps throw TLS exceptions... to be looked into.
>
>
> Question: How does TLS authentication relate to the LoginContext? It seems
> that it works for Kerberos
>
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
>
>
> Henry
>
> [1]
> http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject
>
>
> Social Web Architect
> http://bblfish.net/
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message