Return-Path: Delivered-To: apmail-incubator-esme-dev-archive@locus.apache.org Received: (qmail 33776 invoked from network); 6 Jan 2009 21:27:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Jan 2009 21:27:19 -0000 Received: (qmail 2462 invoked by uid 500); 6 Jan 2009 21:27:19 -0000 Delivered-To: apmail-incubator-esme-dev-archive@incubator.apache.org Received: (qmail 2433 invoked by uid 500); 6 Jan 2009 21:27:19 -0000 Mailing-List: contact esme-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: esme-dev@incubator.apache.org Delivered-To: mailing list esme-dev@incubator.apache.org Received: (qmail 2422 invoked by uid 99); 6 Jan 2009 21:27:19 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Jan 2009 13:27:19 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_HELO_PASS,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [212.227.17.4] (HELO mout-xforward.kundenserver.de) (212.227.17.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Jan 2009 21:27:10 +0000 Received: from [192.168.0.9] (cpc1-addl1-0-0-cust563.hers.cable.ntl.com [86.0.58.52]) by mrelayeu.kundenserver.de (node=mrelayeu6) with ESMTP (Nemesis) id 0ML29c-1LKJRo0jnr-0001qG; Tue, 06 Jan 2009 22:26:48 +0100 Message-ID: <4963CC97.2020503@fortybeans.com> Date: Tue, 06 Jan 2009 21:26:47 +0000 From: Darren Hague User-Agent: Thunderbird 2.0.0.18 (X11/20081125) MIME-Version: 1.0 To: esme-dev@incubator.apache.org Subject: Re: Scrum call summary (authentication section) References: <28282009.1254601231267897228.JavaMail.servlet@kundenserver> <2bca8c350901061205k7271f87y52918cd1967255c0@mail.gmail.com> <2bca8c350901061313u4f58777g5622ebfbb163a12e@mail.gmail.com> In-Reply-To: <2bca8c350901061313u4f58777g5622ebfbb163a12e@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V01U2FsdGVkX199kw9llQM8oh6m7qkwmbeGMVQHnkeUHTTStm8 aseIJjpSuJ93metRU47E0JR3vf77PImcnyh2CGs3BeZJN+T12a VDPrk2HSUtdbUVjJMV0mxwD9tjISIRlrTabEctIgW0= X-Virus-Checked: Checked by ClamAV on apache.org So long as it's pluggable (i.e. the built-in OpenID support can be disabled or simply not used), then we should be fine. The problem with implementing an OpenID JAAS module is that it requires access to the HTTP Response object in the login module to achieve the OpenID redirect. As far as I know, that is only possible using SAP's J2EE engine at this stage (JAAS is not restricted to web applications and only SAP have added a pair of callbacks to give access to the HTTP request/response). I have implemented such a login module already, but because of this restriction, it only works with SAP NetWeaver at this point. - Darren Daniel Koller wrote: > On Tue, Jan 6, 2009 at 9:55 PM, David Pollak > wrote: > > >> On Tue, Jan 6, 2009 at 12:05 PM, Daniel Koller > >>> wrote: >>> >>> Hi, >>> >>> is it possible to standardize the interface from ESME to the servlet >>> container: >>> >> I'd strongly prefer not to do that. It's fine for the auth plugin to do >> that, but this would mean that the container needs to support OpenID if an >> ESME instance is to support OpenID. >> >> >> ...the reason for my statement was, that the set of needed auth schemes is >> > up to infrastructure setup, where ESME is used. > > So an OpenID JAAS Provider can be used and this does not limit our options > in the ESME code. Using this way we could also decouple ESME roadmap from > any upcoming acitivities/issues in the OpenID space. > > And on the other hand, the primary support for openid in the ESME code could > reduce the resources available for supporting other auth schemes in the ESME > code: a primary OpenID requirement (with a difficult setup to circumvent > OpenID) would not help. > > Daniel > >