incubator-clerezza-dev mailing list archives

From "Henry Story (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLEREZZA-494) Subjects should be re-used
Date Mon, 11 Apr 2011 11:27:05 GMT
Subjects should be re-used
--------------------------

                 Key: CLEREZZA-494
                 URL: https://issues.apache.org/jira/browse/CLEREZZA-494
             Project: Clerezza
          Issue Type: Improvement
            Reporter: Henry Story


With WebID a number of things need to be looked at that don't appear obvious when one is dealing
with simple and cookie auth. This in fact also applies to OpenId authentication. One of these
is that one can have a number of Principals in one WebID authentication, since an X509 cert
could contain two webids or even an email address. 

But it is also the case that someone who authenticated themselves with WebID may later also use
a password, as an additional method of authentication.

So it seems to me that the Subject should be passed along at all stages of authentication.
The following article on JBoss Subject usage shows quite clearly that this is the purpose
of the Subject. 

http://oatv.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html?page=5

It will also be very useful as the Subject can gather credentials, both those that succeeded
and those that failed in order to help explain why there were failures in a web interface.
So in the case of WebID test suite we would like to pass the X509Claims as credentials to
an explanatory page, so that one can explain to the user why the claims failed. The same will
be true in an OpenID claim: it will help to let the user know that his OpenId provider
is down at the moment, so that he can be properly redirected.

The changes to get this to work are quite small, but it will require some thinking things
through. But both OpenId support and WebId support will require some of this thinking to occur.


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
