incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Story (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLEREZZA-481) AuthenticationMethod.authenticate(Request request) return Subject
Date Fri, 01 Apr 2011 07:14:05 GMT
AuthenticationMethod.authenticate(Request request) return Subject
-----------------------------------------------------------------

                 Key: CLEREZZA-481
                 URL: https://issues.apache.org/jira/browse/CLEREZZA-481
             Project: Clerezza
          Issue Type: Improvement
            Reporter: Henry Story


currently AuthenticationMethod.authenticate(Request request)  returns String

  It would make more sense if it could return a Subject [1]. This would allow the object returned
to be a lot richer. For example

  (a) A Subject can contain a number of credentials and a number of Principals. In the WebId
with an X509 certificate continaing a number of Subject Alternative Names  a subject could
contain a number of WebID Principals. Some WebIDs might take time to be verified, so they
could appear in the Subject at a  later time.

  (b) A Subject can also contain credentials. In fact X509 certificates should be the prototypical
public credential.

  (c) Credentials can be any object, but clearly one could wrap an X509certificate in  a class
with an isCurrent() method to test if the certificate is still valid. It would also allow
X509certs to be destroyed, which could then perhaps throw TLS exceptions... to be looked into.


1] http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message