Return-Path: 
 <dev-return-5099-apmail-shiro-dev-archive=shiro.apache.org@shiro.apache.org>
X-Original-To: apmail-shiro-dev-archive@www.apache.org
Delivered-To: apmail-shiro-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6F726971F
	for <apmail-shiro-dev-archive@www.apache.org>;
 Mon, 30 Jan 2012 16:35:31 +0000 (UTC)
Received: (qmail 26638 invoked by uid 500); 30 Jan 2012 16:35:31 -0000
Delivered-To: apmail-shiro-dev-archive@shiro.apache.org
Received: (qmail 26592 invoked by uid 500); 30 Jan 2012 16:35:30 -0000
Mailing-List: contact dev-help@shiro.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@shiro.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@shiro.apache.org>
List-Post: <mailto:dev@shiro.apache.org>
List-Id: <dev.shiro.apache.org>
Reply-To: dev@shiro.apache.org
Delivered-To: mailing list dev@shiro.apache.org
Received: (qmail 26576 invoked by uid 99); 30 Jan 2012 16:35:30 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jan 2012 16:35:30 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL,TVD_SUBJ_NUM_OBFU_MINFP
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [209.85.216.173] (HELO mail-qy0-f173.google.com)
 (209.85.216.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jan 2012 16:35:23 +0000
Received: by qcse13 with SMTP id e13so2502718qcs.32
        for <dev@shiro.apache.org>; Mon, 30 Jan 2012 08:35:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.229.78.206 with SMTP id m14mr6593391qck.78.1327941301780; Mon,
 30 Jan 2012 08:35:01 -0800 (PST)
Sender: les.hazlewood@anjinllc.com
Received: by 10.229.94.141 with HTTP; Mon, 30 Jan 2012 08:35:01 -0800 (PST)
In-Reply-To: 
 <CA+=EWnABrx760xcW3nXpRi4di3b55GhaQ33Dn569vPfuoZYH_Q@mail.gmail.com>
References: 
 <CA+=EWnABrx760xcW3nXpRi4di3b55GhaQ33Dn569vPfuoZYH_Q@mail.gmail.com>
Date: Mon, 30 Jan 2012 08:35:01 -0800
X-Google-Sender-Auth: OM8o3Cv8_DTI4XHnT1fRNQDFtJs
Message-ID: 
 <CAETPiXa3CQRX3j92roOA+i=tAOFvdhBdAnUOVkdvoZ+g8wqy2A@mail.gmail.com>
Subject: Re: OpenId4java - RelyingPartyRealm
From: Les Hazlewood <lhazlewood@apache.org>
To: dev@shiro.apache.org
Content-Type: text/plain; charset=UTF-8
X-Virus-Checked: Checked by ClamAV on apache.org

On Mon, Jan 30, 2012 at 8:18 AM, Kalle Korhonen
<kalle.o.korhonen@gmail.com> wrote:
> I was looking into the unfinished openid4java support module. The
> RelyingPartyRealm implementation seems a bit funny to me, it extends
> AuthorizingRealm but then states in the javadoc of it
> doGetAuthorizationInfo "Returns {@code null} always because OpenId
> does not support authorization operations".

Is this true?  I mean, if Attribute Exchange is enabled, is it
possible that some of the attributes are group or role names?  I don't
know the answer to this question, but my assumption is that the answer
would determine which Realm implementation we extend.

Cheers,

Les