incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Story (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CLEREZZA-494) Subjects should be re-used
Date Wed, 11 May 2011 17:13:47 GMT

     [ https://issues.apache.org/jira/browse/CLEREZZA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Henry Story resolved CLEREZZA-494.
----------------------------------

    Resolution: Fixed

This was done by enabling CLEREZZA-479 - building the WebID test suite. The commits should
have been assigned to this issue here.

> Subjects should be re-used
> --------------------------
>
>                 Key: CLEREZZA-494
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-494
>             Project: Clerezza
>          Issue Type: Improvement
>            Reporter: Henry Story
>            Assignee: Henry Story
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> With WebID a number of things need to be looked at that don't appear obvious when one
is dealing with simple and cookie auth. This in fact also applies to OpenId authentication.
One of these is that one can have a number of Principals in one WebID authentication, since
an X509 cert could contain two webids or even an email address. 
> But it also the case that someone who authentified themselves with WebID may later also
use a password, as an additional method of authentication. 
> So it seems to me that the Subject should be passed along at all stages of authentification.
The following article on JBoss Subject usage shows quite clearly that this is the purpose
of the Subject. 
> http://oatv.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html?page=5
> It will also be very useful as the Subject can gather credentials, both those that succeeded
and those that failed in order to help explain why there were failures in a web interface.
So in the case of WebID test suite we would like to pass the X509Claims as credentials to
an explanatory page, so that one can explain to the user why the claims failed. The same will
be true in an OpenID claim: it will help to the let the user know that his OpenId provider
is down at the moment, so that he can be properly redirected.
> The changes to get this to work are quite small, but it will require some thinking things
through. But both OpenId support and WebId suport will require some of this thinking to occur.


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message