Hi,
As already mentioned in some of the mails, *auth* isn't very descriptive
(authorization or authentication)
so my vote goes to
* authentication mechanism
* authentication method
Both describe nicely what they are (I guess) but slightly in favor of the
mechanism (as method maybe refers too much to http method)
Rudy
On 16 April 2015 at 18:37, Adam Bien <abien_at_adam-bien.com> wrote:
> Adam: auth-method (because in web.xml + servlet)
> > On 16.04.2015, at 15:23, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> >
> > Hi again,
> >
> > Now that we seem to have largely agreed on the working term "identity
> > store", it's time to consider the next term mentioned in
> > JAVAEE_SECURITY_SPEC-1, which is the term for "the (user)
> > interaction method via which credentials are obtained (form, basic,
> > etc)".
> >
> > I didn't research this intensively, but after a quick look I
> > discovered the following terms:
> >
> > * auth-method (Servlet, web.xml)
> > * authentication mechanism (Undertow)
> > * authenticator (Tomcat)
> > * (server) auth module/SAM (JASPIC)
> >
> > Concrete code examples to make it hopefully extra clear what's meant here:
> >
> > Undertow:
> > http://grepcode.com/file/repo1.maven.org/maven2/io.undertow/undertow-core/1.2.0.Beta8/io/undertow/security/impl/FormAuthenticationMechanism.java#FormAuthenticationMechanism
> >
> > Tomcat:
> > http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/8.0.20/org/apache/catalina/authenticator/FormAuthenticator.java#FormAuthenticator
> >
> > Both implement the well known Servlet FORM.
> >
> > In the case of Undertow we see:
> >
> > FormAuthenticationMechanism#authenticate
> > - Extract username/password from request
> > - Call out to "identity store": Account account =
> > identityManager.verify(userName, credential);
> > - Establish authenticated identity:
> > securityContext.authenticationComplete(account, name, true);
> >
> > In the case of Tomcat we see:
> >
> > FormAuthenticator#authenticate
> > - Extract username/password from request
> > - Call out to "identity store": principal =
> > realm.authenticate(username, password);
> > - AuthenticatorBase#register(request, response, principal, ...);
> >
> > Do note the extra level of confusion regarding the term
> > "authenticator". In Tomcat this is the interaction mechanism, while in
> > Resin this is exactly the opposite thing, namely the "identity store"
> > (which is called Realm in Tomcat).
> >
> > I'll start with voting for "authentication mechanism":
> >
> > Arjan Tijms - authentication mechanism
> >
> > Kind regards,
> > Arjan Tijms
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Apr 13, 2015 at 7:46 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> >> Hi,
> >>
> >> On Monday, April 13, 2015, Adam Bien <abien_at_adam-bien.com> wrote:
> >>>
> >>> I'm for Identity Store or Realm
> >>
> >>
> >> I think that means we have a winner ;)
> >>
> >> Identity store - 8
> >> Realm - 4
> >>
> >> If the 3 remaining people would all vote realm now then identity store would
> >> still win.
> >>
> >>
> >>>
> >>> I think Java EE borrowed the term "Realm" from Basic Authentication:
> >>> http://tools.ietf.org/html/rfc2617 ("Protection Space")
> >>
> >>
> >> I think so too, and I always got the feeling that "realm" should only apply
> >> to basic authentication in web.xml. But because of a lack of any other way
> >> it's also often used for the FORM authentication mechanism to let the user
> >> indicate which identity store to use for it.
> >>
> >> Kind regards,
> >> Arjan Tijms
> >>
> >>
> >>
> >>>
> >>>
> >>> A realm could be anything, but from pragmatic point of view it is an
> >>> Identity Store.
> >>>> On 13.04.2015, at 17:52, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> On Fri, Apr 10, 2015 at 10:23 AM, Ivar Grimstad
> >>>> <ivar.grimstad_at_gmail.com> wrote:
> >>>>> Identity Store for me.
> >>>>
> >>>> Thanks for the vote! Current status is now:
> >>>>
> >>>> 10 out of 14 voted:
> >>>>
> >>>> David Blevins: Store
> >>>> Arjan Tijms: Authentication Store
> >>>> Alex Kosowski: Identity Store
> >>>> Rudy De Busscher: Security Provider
> >>>> Darran Lofthouse: Realm / Identity Store
> >>>> Werner Keil: Authentication Store / Identity Store
> >>>> Ajay Reddy: Identity Store / User Repository / Realm
> >>>> Pedro Igor: Identity Store
> >>>> Jean-Louis Monteiro: Authentication Store / Store
> >>>> Ivar Grimstad: Identity Store
> >>>>
> >>>>
> >>>> Organized per term:
> >>>>
> >>>> Identity Store - 6
> >>>> Authentication Store - 3
> >>>> Realm - 3
> >>>> Store - 1
> >>>> Security Provider - 1
> >>>> User Repository - 1
> >>>>
> >>>> I'm willing to change my vote to "Identity Store" as well, so we'd then
> >>>> have:
> >>>>
> >>>> David Blevins: Store
> >>>> Arjan Tijms: Identity Store
> >>>> Alex Kosowski: Identity Store
> >>>> Rudy De Busscher: Security Provider
> >>>> Darran Lofthouse: Realm / Identity Store
> >>>> Werner Keil: Authentication Store / Identity Store
> >>>> Ajay Reddy: Identity Store / User Repository / Realm
> >>>> Pedro Igor: Identity Store
> >>>> Jean-Louis Monteiro: Authentication Store / Store
> >>>> Ivar Grimstad: Identity Store
> >>>>
> >>>>
> >>>> Organized per term:
> >>>>
> >>>> Identity Store - 7
> >>>> Realm - 3
> >>>> Authentication Store - 2
> >>>> Store - 1
> >>>> Security Provider - 1
> >>>> User Repository - 1
> >>>>
> >>>> So if Adam Bien, Will Hopkins, Matt Konda and Les Hazlewood all voted
> >>>> "realm" we'd have a tie, but otherwise there's not much that stands in
> >>>> the way of "identity store" for the working term.
> >>>>
> >>>> Kind regards,
> >>>> Arjan Tijms
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>
> >>>>> On Apr 10, 2015 9:16 AM, "arjan tijms" <arjan.tijms_at_gmail.com> wrote:
> >>>>>>
> >>>>>> On Fri, Apr 10, 2015 at 8:44 AM, Jean-Louis Monteiro
> >>>>>> <jlmonteiro_at_tomitribe.com> wrote:
> >>>>>>> Oops, thought I voted but looks like no.
> >>>>>>>
> >>>>>>> If it's still time, "authentication store" for me if we want to really
> >>>>>>> qualify what the store is about.
> >>>>>>> Otherwise "store" only is enough.
> >>>>>>
> >>>>>> Thanks!
> >>>>>>
> >>>>>> Latest votes overview then becomes:
> >>>>>>
> >>>>>> 9 out of 14 voted:
> >>>>>>
> >>>>>> David Blevins: Store
> >>>>>> Arjan Tijms: Authentication Store
> >>>>>> Alex Kosowski: Identity Store
> >>>>>> Rudy De Busscher: Security Provider
> >>>>>> Darran Lofthouse: Realm / Identity Store
> >>>>>> Werner Keil: Authentication Store / Identity Store
> >>>>>> Ajay Reddy: Identity Store / User Repository / Realm
> >>>>>> Pedro Igor: Identity Store
> >>>>>> Jean-Louis Monteiro: Authentication Store / Store
> >>>>>>
> >>>>>>
> >>>>>> Organized per term:
> >>>>>>
> >>>>>> Identity Store - 5
> >>>>>> Authentication Store - 3
> >>>>>> Realm - 3
> >>>>>> Store - 1
> >>>>>> Security Provider - 1
> >>>>>> User Repository - 1
> >>>>>>
> >>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Jean-Louis Monteiro
> >>>>>>> http://twitter.com/jlouismonteiro
> >>>>>>> http://www.tomitribe.com
> >>>>>>>
> >>>>>>> On Fri, Apr 10, 2015 at 12:22 AM, arjan tijms <arjan.tijms_at_gmail.com>
> >>>>>>> wrote:
> >>>>>>>>
> >>>>>>>> On Fri, Apr 10, 2015 at 12:11 AM, Alex Kosowski
> >>>>>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>>>>> I change my vote to just "Identity Store"
> >>>>>>>>
> >>>>>>>> Okay, so then we have:
> >>>>>>>>
> >>>>>>>> David Blevins: Store
> >>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>> Alex Kosowski: Identity Store
> >>>>>>>> Rudy De Busscher: Security Provider
> >>>>>>>> Darran Lofthouse: Realm / Identity Store
> >>>>>>>> Werner Keil: Authentication Store / Identity Store
> >>>>>>>> Ajay Reddy: Identity Store / User Repository / Realm
> >>>>>>>> Pedro Igor: Identity Store
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Organized per term:
> >>>>>>>>
> >>>>>>>> Identity Store - 5
> >>>>>>>> Authentication Store - 2
> >>>>>>>> Realm - 2
> >>>>>>>> Store - 1
> >>>>>>>> Security Provider - 1
> >>>>>>>> User Repository - 1
> >>>>>>>>
> >>>>>>>> Kind regards,
> >>>>>>>> Arjan Tijms
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On 4/9/15 5:56 PM, Pedro Igor Silva wrote:
> >>>>>>>>>>
> >>>>>>>>>> In PicketLink, IdentityStore is mainly related to how you manage
> >>>>>>>>>> identities and relationships. Identities would be users, roles, groups,
> >>>>>>>>>> applications, etc. And relationships would be grants (rbac), group
> >>>>>>>>>> membership (gbac) and so forth. It is basically a CRUD interface, the base
> >>>>>>>>>> for all the other specific stores we have.
> >>>>>>>>>>
> >>>>>>>>>> Regarding authentication, there is also a specific store for credentials,
> >>>>>>>>>> the CredentialStore. There is a reference to it in the scope document as
> >>>>>>>>>> follows:
> >>>>>>>>>>
> >>>>>>>>>> "4.3.c Credentials also in Identity Store? Perhaps separate secured store?"
> >>>>>>>>>>
> >>>>>>>>>> These two stores are involved during the authentication process, where you
> >>>>>>>>>> need to load an account (e.g. user) and authenticate based on a specific
> >>>>>>>>>> credential type (password, totp, X.509, token, etc).
> >>>>>>>>>>
> >>>>>>>>>> PermissionStore, on the other hand, is specific for permissions and is not
> >>>>>>>>>> related at all with authentication. Like you said, it is related with acl
> >>>>>>>>>> authorization.
> >>>>>>>>>>
> >>>>>>>>>> I would say that in this case Identity Store makes more sense, especially
> >>>>>>>>>> if you consider what Darran said about the potential to be widely referenced
> >>>>>>>>>> after authentication.
> >>>>>>>>>>
> >>>>>>>>>> One of the reasons for different and specific stores is that you may mix
> >>>>>>>>>> different repositories (e.g. LDAP and JPA), where each one can be used to
> >>>>>>>>>> store only a specific type of information. For instance, use LDAP for users
> >>>>>>>>>> and credentials, but JPA for more fine-grained authorization with
> >>>>>>>>>> permissions/acl. And also because each repository has its limitations. For
> >>>>>>>>>> instance, it is really hard to support ACL or even custom attributes in
> >>>>>>>>>> LDAP.
> >>>>>>>>>>
> >>>>>>>>>> Regards.
> >>>>>>>>>> Pedro Igor
> >>>>>>>>>>
> >>>>>>>>>> ----- Original Message -----
> >>>>>>>>>> From: "Werner Keil"<werner.keil_at_gmail.com>
> >>>>>>>>>> To: jsr375-experts_at_javaee-security-spec.java.net
> >>>>>>>>>> Sent: Thursday, April 9, 2015 12:18:32 PM
> >>>>>>>>>> Subject: [jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION:
> >>>>>>>>>> cast vote
> >>>>>>>>>>
> >>>>>>>>>> Actually "IdentityStore" is also used in different PicketLink modules.
> >>>>>>>>>> So it uses "PermissionStore" in the context of "Authorization"/ACL and
> >>>>>>>>>> "IdentityStore" on the Authentication side.
> >>>>>>>>>> If we purely deal with Authentication, either "IdentityStore" or
> >>>>>>>>>> "AuthenticationStore" sound best.
> >>>>>>>>>> Otherwise I'd say "PermissionStore" (or "SecurityStore" to have another
> >>>>>>>>>> prefix to the simple "Store") sound more versatile.
> >>>>>>>>>>
> >>>>>>>>>> Werner
> >>>>>>>>>>
> >>>>>>>>>> On Thu, Apr 9, 2015 at 5:08 PM, Werner Keil <werner.keil_at_gmail.com>
> >>>>>>>>>> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> PicketLink calls it PermissionStore. I could think of variations including
> >>>>>>>>>>> SecurityStore (just Store seems a bit too wide)
> >>>>>>>>>>> but PermissionStore sounds fine to me.
> >>>>>>>>>>>
> >>>>>>>>>>> Regards,
> >>>>>>>>>>> Werner
> >>>>>>>>>>>
> >>>>>>>>>>> On Thu, Apr 9, 2015 at 4:32 PM, Darran Lofthouse<
> >>>>>>>>>>> darran.lofthouse_at_redhat.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> Looks like I replied but did not vote ;-)
> >>>>>>>>>>>>
> >>>>>>>>>>>> My vote would be Realm or Identity Store.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Whilst I agree its first use will be authentication I think it has the
> >>>>>>>>>>>> potential to be widely referenced after authentication.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Regards,
> >>>>>>>>>>>> Darran Lofthouse.
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 09/04/15 15:24, arjan tijms wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> We now have 4 votes:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>> Alex Kosowski: Authentication Store / Identity Store
> >>>>>>>>>>>>> Rudy De Busscher: Security Provider
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> No other people have voted yet, although there have been some
> >>>>>>>>>>>>> additional comments.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Based on this, shall we establish "authentication store" as the
> >>>>>>>>>>>>> working term? Just so we all know what we're talking about. The final
> >>>>>>>>>>>>> term can be something else still.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>> Arjan
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Mon, Mar 23, 2015 at 11:13 PM, arjan tijms <arjan.tijms_at_gmail.com>
> >>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Mon, Mar 23, 2015 at 10:32 PM, Alex Kosowski<
> >>>>>>>>>>>>>> alex.kosowski_at_oracle.com>
> >>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> To add a 13th option,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> How about IdentityStore? That would reflect that we are storing identity
> >>>>>>>>>>>>>>> attributes.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I could absolutely see that working as well, sure. In terminology it has
> >>>>>>>>>>>>>> some connection with a JSR that was started some time ago, the Java Identity
> >>>>>>>>>>>>>> API (JSR 351), and with the term "authenticated identity" (the more formal
> >>>>>>>>>>>>>> alternative for "logged-in user").
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> But is Identity Store also a preference you have for the term, or just an
> >>>>>>>>>>>>>> alternative idea?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Giving the overview again, it would now be:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>>> Alex Kosowski: Authentication Store / Identity Store
> >>>>>>>>>>>>>> Rudy De Busscher: Security Provider
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On 3/23/15 5:15 PM, Rudy De Busscher wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> the concept of "the store where users/callers and optionally the
> >>>>>>>>>>>>>>>> group/role data resides".
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Since you also have the group/role information, it is not only
> >>>>>>>>>>>>>>> Authentication info anymore. So Authentication Store is then confusing.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Store is indeed too general, so what about security provider (if I have to
> >>>>>>>>>>>>>>> take a term from the list proposed here)?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> regards
> >>>>>>>>>>>>>>> Rudy
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On 23 March 2015 at 22:03, arjan tijms <arjan.tijms_at_gmail.com>
> >>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On Monday, March 23, 2015, Alex Kosowski <alex.kosowski_at_oracle.com>
> >>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Hi Arjan,
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Does this indicate your preference, or is it just the term Shiro
> >>>>>>>>>>>>>>>>> happened to use?
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> It was just a starting point.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Okay ;)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Authentication Store is fine with me. Store seems a little broad, but
> >>>>>>>>>>>>>>>>> less typing.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Yes, for me too just store would feel too broad. AuthStore would seem to
> >>>>>>>>>>>>>>>> work at first, but I agree with Les who stated in another thread that we
> >>>>>>>>>>>>>>>> shouldn't use just "auth" anywhere.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> While very common, it unfortunately makes it hard to distinguish between
> >>>>>>>>>>>>>>>> authentication and authorization.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> So we now have:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>>>>> Alex Kosowski: Authentication Store
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Anyone else?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>> Alex
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> On 3/20/15 8:56 AM, arjan tijms wrote:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> The doc is a great start, thanks Alex :)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I noticed that relevant to the issue described in this thread, the
> >>>>>>>>>>>>>>>>> document has chosen the term "Realm" for the concept of "the store where
> >>>>>>>>>>>>>>>>> users/callers and optionally the group/role data resides".
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Does this indicate your preference, or is it just the term Shiro
> >>>>>>>>>>>>>>>>> happened to use?
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> What about a round of voting (non-binding at this stage, just to test
> >>>>>>>>>>>>>>>>> the waters)? That way we at least can establish a working term that we can
> >>>>>>>>>>>>>>>>> use in the different discussions and issues that have already all started to
> >>>>>>>>>>>>>>>>> use different terms.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> The list of proposed terms is now the following:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> security provider (WebLogic)
> >>>>>>>>>>>>>>>>> realm (Tomcat, Shiro, some hints in Servlet spec)
> >>>>>>>>>>>>>>>>> (authentication) repository
> >>>>>>>>>>>>>>>>> (authentication) store
> >>>>>>>>>>>>>>>>> login module (JAAS)
> >>>>>>>>>>>>>>>>> identity manager (Undertow)
> >>>>>>>>>>>>>>>>> service provider
> >>>>>>>>>>>>>>>>> relying party
> >>>>>>>>>>>>>>>>> authenticator (Resin, OmniSecurity, Seam Security)
> >>>>>>>>>>>>>>>>> user service (?, used by 375 JSR)
> >>>>>>>>>>>>>>>>> authentication provider (Spring Security)
> >>>>>>>>>>>>>>>>> identity provider
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I'd like to ask everyone on this list to vote for your preferred term.
> >>>>>>>>>>>>>>>>> David had already expressed favoring "store" in the JIRA issue, which is
> >>>>>>>>>>>>>>>>> together with "repository" also my favorite, although I like to prefix it
> >>>>>>>>>>>>>>>>> with "authentication".
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> So the current outcome is:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> On Thu, Mar 19, 2015 at 3:25 AM, Alex Kosowski
> >>>>>>>>>>>>>>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> I created a draft document for adding/editing EE Security API
> >>>>>>>>>>>>>>>>>> Terminology on an on-going basis.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> https://docs.google.com/document/d/1eaNCUa78Eytt73WYvDHrsS3klTzHL0xD5vswHhT-KVY/edit?usp=sharing
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> This is a Google doc viewable by the public and editable by those in the
> >>>>>>>>>>>>>>>>>> Google Group jsr375-experts_at_googlegroups.com, of which all of you should be
> >>>>>>>>>>>>>>>>>> a member.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Alex
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On 3/8/15 5:01 PM, arjan tijms wrote:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Hi there,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> A while ago I created
> >>>>>>>>>>>>>>>>>> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1, which seeks to
> >>>>>>>>>>>>>>>>>> establish clear terminology for two concepts that often come up in
> >>>>>>>>>>>>>>>>>> authentication:
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> 1. The (user) interaction method via which credentials are obtained
> >>>>>>>>>>>>>>>>>> (FORM, BASIC, etc)
> >>>>>>>>>>>>>>>>>> 2. The store where users/callers and optionally the group/role data
> >>>>>>>>>>>>>>>>>> resides
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Not only do I see very different terms being used for both of these
> >>>>>>>>>>>>>>>>>> concepts which is a problem by itself, but the lack of consistent
> >>>>>>>>>>>>>>>>>> terminology makes it unclear what people are really asking at times.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Your thoughts?
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>
> >>
>
>
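
The split this thread is trying to name, as an added example that is not part of the original messages and is not Undertow, Tomcat or JSR 375 code: two mechanisms (BASIC and FORM) obtain credentials in different ways and delegate to the same identity store. All type names are hypothetical, the sample user is constructed, and Java 16 or later is assumed for the record syntax.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

// All type names here are hypothetical; none is Undertow, Tomcat or JSR 375 API.
public class MechanismVsStore {
    /** The authenticated identity handed back to the container. */
    record Caller(String name, Set<String> groups) {}

    /** "Identity store": validates credentials, knows nothing about HTTP. */
    interface IdentityStore { Optional<Caller> validate(String username, char[] password); }

    /** "Authentication mechanism": obtains credentials from the request, owns no user data. */
    interface AuthenticationMechanism {
        Optional<Caller> authenticate(Map<String, String> request, IdentityStore store);
    }

    static byte[] sha256(char[] secret) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(new String(secret).getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    /** Constructed sample data. A plain digest keeps this short; real stores need a salted, slow KDF. */
    static final class InMemoryStore implements IdentityStore {
        private final Map<String, byte[]> digests = Map.of("alice", sha256("s3cret".toCharArray()));
        private final Map<String, Set<String>> groups = Map.of("alice", Set.of("admin"));

        public Optional<Caller> validate(String username, char[] password) {
            byte[] actual = sha256(password);          // hashed even for unknown users
            byte[] expected = digests.get(username);
            if (expected == null || !MessageDigest.isEqual(expected, actual)) return Optional.empty();
            return Optional.of(new Caller(username, groups.get(username)));
        }
    }

    /** HTTP BASIC: credentials arrive base64-encoded in the Authorization header. */
    static final class BasicMechanism implements AuthenticationMechanism {
        public Optional<Caller> authenticate(Map<String, String> request, IdentityStore store) {
            String header = request.get("Authorization");
            if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return Optional.empty();
            String decoded;
            try { decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8); }
            catch (IllegalArgumentException malformed) { return Optional.empty(); } // bad base64: reject
            int colon = decoded.indexOf(':');          // split on the first ':' only
            if (colon < 1) return Optional.empty();
            return store.validate(decoded.substring(0, colon), decoded.substring(colon + 1).toCharArray());
        }
    }

    /** Servlet FORM: credentials arrive as the j_username / j_password parameters. */
    static final class FormMechanism implements AuthenticationMechanism {
        public Optional<Caller> authenticate(Map<String, String> request, IdentityStore store) {
            String user = request.get("j_username"), pass = request.get("j_password");
            if (user == null || pass == null) return Optional.empty();
            return store.validate(user, pass.toCharArray());
        }
    }

    public static void main(String[] args) {
        IdentityStore store = new InMemoryStore();     // one store, two mechanisms
        String basic = "Basic " + Base64.getEncoder().encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(new BasicMechanism().authenticate(Map.of("Authorization", basic), store));
        System.out.println(new FormMechanism().authenticate(Map.of("j_username", "alice", "j_password", "s3cret"), store));
        System.out.println(new BasicMechanism().authenticate(Map.of("Authorization", "Basic !!!"), store));
    }
}
```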