incubator-esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Pollak" <feeder.of.the.be...@gmail.com>
Subject Re: Scrum call summary (authentication section)
Date Tue, 06 Jan 2009 21:08:43 GMT
Darren,

For now, I think it's an ESME solution.  If I can generalize it, I'll
back-port it to Lift.

Thanks,

David

On Tue, Jan 6, 2009 at 1:02 PM, Darren Hague <dhague@fortybeans.com> wrote:

> As long as we can write such a plugin pretty quickly, then that sounds like
> a good solution.
>
> David - do you see this kind of pluggable authentication going back into
> Lift, or staying as part of ESME?
>
> It would be great if pluggable authentication made it into Lift, and was
> then simply integrated into ESME as a result.    I'm happy to help out where
> I can (I know Java authentication & authorisation pretty well), but most
> Lift-related code is still pretty opaque to me, unfortunately.
>
> Cheers,
> Darren
>
>
>
>
> David Pollak wrote:
>
>> On Tue, Jan 6, 2009 at 12:05 PM, Daniel Koller <dakoller@googlemail.com
>> >wrote:
>>
>>
>>
>>> Hi,
>>>
>>> is it possible to standardize the interface from ESME to the servlet
>>> container:
>>>
>>>
>>
>>
>> I'd strongly prefer not to do that.  It's fine for the auth plugin to do
>> that, but this would mean that the container needs to support OpenID if an
>> ESME instance is to support OpenID.
>>
>>
>>
>>
>>> There are two relevant API calls in HttpServletRequest (which get feeded
>>> from the container where they run in)
>>>
>>> - getUserPrincipal()
>>> - isUserinrole()
>>>
>>> The main task would be that we in ESME we rely on the results of these
>>> two
>>> calls (however there will be OpenID/NTLM etc. specific handling in a
>>> special
>>> JAAS module with special database tables)
>>>
>>> Kind regards,
>>>
>>> Daniel
>>>
>>> On Tue, Jan 6, 2009 at 8:45 PM, David Pollak
>>> <feeder.of.the.bears@gmail.com>wrote:
>>>
>>>
>>>
>>>> Darren,
>>>>
>>>> I'm going to split out the auth part of ESME.  There will a generic
>>>> "auth
>>>> data" table that will contain generic information for authentication
>>>> schemes.  Each scheme (and many schemes may be present simultaneously)
>>>>
>>>>
>>> will
>>>
>>>
>>>> write a row in the table.
>>>>
>>>> I'll write the openid plugin and you can write others.
>>>>
>>>> How does that sound?
>>>>
>>>> Thanks,
>>>>
>>>> David
>>>>
>>>> On Tue, Jan 6, 2009 at 10:51 AM, Darren Hague <dhague@fortybeans.com>
>>>> wrote:
>>>>
>>>>
>>>>
>>>>> Quick notes from the 1st part of the Scrum call today (Dick to produce
>>>>> notes from part 2).
>>>>>
>>>>> We need to look at auth approach, with JAAS preferred for J2EE
>>>>> container-based authentication & authorisation. This will give easy
>>>>>
>>>>>
>>>> access
>>>>
>>>>
>>>>> to enterprise-based authentication systems. OpenID, while a good
>>>>>
>>>>>
>>>> initial
>>>
>>>
>>>> choice, is causing usability and technical problems and is of little
>>>>> relevance to the enterprise context.
>>>>>
>>>>> Daniel will look at removing the OpenID dependency from ESME (mostly
by
>>>>> asking David and the rest of the Lift community)
>>>>> Darren will look at doing a JAAS/Lift sample app which cas serve as the
>>>>> basis for JAAS auths in ESME, and of course can be contributed back to
>>>>>
>>>>>
>>>> Lift.
>>>>
>>>>
>>>>> Cheers,
>>>>> Darren
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Lift, the simply functional web framework http://liftweb.net
>>>> Collaborative Task Management http://much4.us
>>>> Follow me: http://twitter.com/dpp
>>>> Git some: http://github.com/dpp
>>>>
>>>>
>>>>
>>>
>>> --
>>> ---
>>> Daniel Koller
>>> Jahnstrasse 20
>>> 80469 M√ľnchen * dakoller@googlemail.com
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>


-- 
Lift, the simply functional web framework http://liftweb.net
Collaborative Task Management http://much4.us
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message