jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION: cast vote

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Thu, 9 Apr 2015 17:38:14 +0200

Hi,

On Thu, Apr 9, 2015 at 5:18 PM, Werner Keil <werner.keil_at_gmail.com> wrote:
> Actually "IdentityStore" is also used in different PicketLink modules.
> So it uses "PermissionStore" in the context of "Authorization"/ACL and
> "IdentityStore" on the Authentication side.

There are a few other terms indeed. The list I presented earlier is
already long, and still there are more terms. IBM for instance calls
it "user registry" (have to double check whether it's really the same,
but I think it is).


> If we purely deal with Authentication, either "IdentityStore" or
> "AuthenticationStore" sound best.
> Otherwise I'd say "PermissionStore" (or "SecurityStore" to have another
> prefix to the simple "Store") sound more versatile.

Do note that for now it's not about picking the absolute best or final
term, but just to establish at least a working term.

Anyway, I think I can list 6 voters now:

David Blevins: Store
Arjan Tijms: Authentication Store
Alex Kosowski: Authentication Store / Identity Store
Rudy De Busscher: Security Provider
Darran Lofthouse: Realm / Identity Store
Werner Keil: Authentication Store / Identity Store


Organized per term:

Authentication Store - 3
Identity Store - 3
Store - 1
Security Provider - 1
Realm - 1

@David, you said just "store" before, but from your comment it looked
like you would have been okay with a variation. Would you like to
change it to either "Authentication Store" or "Identity Store", or is
just "store" really your preferred term?

Kind regards,
Arjan

>
> Werner
>
> On Thu, Apr 9, 2015 at 5:08 PM, Werner Keil <werner.keil_at_gmail.com> wrote:
>>
>> PicketLink calls it PermissionStore. I could think of variations including
>> SecurityStore (just Store seems a bit too wide)
>> but PermissionStore sounds fine to me.
>>
>> Regards,
>> Werner
>>
>> On Thu, Apr 9, 2015 at 4:32 PM, Darran Lofthouse
>> <darran.lofthouse_at_redhat.com> wrote:
>>>
>>> Looks like I replied but did not vote ;-)
>>>
>>> My vote would be Realm or Identity Store.
>>>
>>> Whilst I agree its first use will be authentication, I think it has the
>>> potential to be widely referenced after authentication.
>>>
>>> Regards,
>>> Darran Lofthouse.
>>>
>>>
>>>
>>> On 09/04/15 15:24, arjan tijms wrote:
>>>>
>>>> Hi,
>>>>
>>>> We now have 4 votes:
>>>>
>>>> David Blevins: Store
>>>> Arjan Tijms: Authentication Store
>>>> Alex Kosowski: Authentication Store / Identity Store
>>>> Rudy De Busscher: Security Provider
>>>>
>>>> No other people have voted yet, although there have been some
>>>> additional comments.
>>>>
>>>> Based on this, shall we establish "authentication store" as the
>>>> working term? Just so we all know what we're talking about. The final
>>>> term can be something else still.
>>>>
>>>> Kind regards,
>>>> Arjan
>>>>
>>>> On Mon, Mar 23, 2015 at 11:13 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> On Mon, Mar 23, 2015 at 10:32 PM, Alex Kosowski
>>>>> <alex.kosowski_at_oracle.com>
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> To add a 13th option,
>>>>>>
>>>>>> How about IdentityStore? That would reflect that we are storing
>>>>>> identity attributes.
>>>>>
>>>>>
>>>>>
>>>>> I could absolutely see that working as well, sure. In terminology it
>>>>> has some connection with a JSR that was started some time ago, the
>>>>> Java Identity API (JSR 351), and with the term "authenticated identity"
>>>>> (the more formal alternative for "logged-in user").
>>>>>
>>>>> But is Identity Store also a preference you have for the term, or just
>>>>> an alternative idea?
>>>>>
>>>>> Giving the overview again, it would now be:
>>>>>
>>>>> David Blevins: Store
>>>>> Arjan Tijms: Authentication Store
>>>>> Alex Kosowski: Authentication Store / Identity Store
>>>>> Rudy De Busscher: Security Provider
>>>>>
>>>>> Kind regards,
>>>>> Arjan Tijms
>>>>>
>>>>>>
>>>>>> On 3/23/15 5:15 PM, Rudy De Busscher wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>> the concept of "the store where users/callers and optionally the
>>>>>>> group/role data resides".
>>>>>>
>>>>>>
>>>>>>
>>>>>> Since you also have the group/role information, it is not only
>>>>>> Authentication info anymore. So Authentication Store is then confusing.
>>>>>>
>>>>>> Store is indeed too general, so what about security provider (if I
>>>>>> have to take a term from the list proposed here)?
>>>>>>
>>>>>> regards
>>>>>> Rudy
>>>>>>
>>>>>> On 23 March 2015 at 22:03, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> On Monday, March 23, 2015, Alex Kosowski <alex.kosowski_at_oracle.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi Arjan,
>>>>>>>>
>>>>>>>> Does this indicate your preference, or is it just the term Shiro
>>>>>>>> happened to use?
>>>>>>>>
>>>>>>>> It was just a starting point.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Okay ;)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> David Blevins: Store
>>>>>>>> Arjan Tijms: Authentication Store
>>>>>>>>
>>>>>>>> Authentication Store is fine with me. Store seems a little broad,
>>>>>>>> but less typing.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Yes, for me too just store would feel too broad. AuthStore would seem
>>>>>>> to work at first, but I agree with Les who stated in another thread
>>>>>>> that we shouldn't use just "auth" anywhere.
>>>>>>>
>>>>>>> While very common, it unfortunately makes it hard to distinguish
>>>>>>> between authentication and authorization.
>>>>>>>
>>>>>>> So we now have;
>>>>>>>
>>>>>>> David Blevins: Store
>>>>>>> Arjan Tijms: Authentication Store
>>>>>>> Alex Kosowski: Authentication Store
>>>>>>>
>>>>>>> Anyone else?
>>>>>>>
>>>>>>> Kind regards,
>>>>>>> Arjan Tijms
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Alex
>>>>>>>>
>>>>>>>> On 3/20/15 8:56 AM, arjan tijms wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> The doc is a great start, thanks Alex :)
>>>>>>>>
>>>>>>>> I noticed that relevant to the issue described in this thread, the
>>>>>>>> document has chosen the term "Realm" for the concept of "the store
>>>>>>>> where users/callers and optionally the group/role data resides".
>>>>>>>>
>>>>>>>> Does this indicate your preference, or is it just the term Shiro
>>>>>>>> happened to use?
>>>>>>>>
>>>>>>>> What about a round of voting (non-binding at this stage, just to
>>>>>>>> test the waters)? That way we at least can establish a working term
>>>>>>>> that we can use in the different discussions and issues that have
>>>>>>>> already all started to use different terms.
>>>>>>>>
>>>>>>>> The list of proposed terms is now the following:
>>>>>>>>
>>>>>>>> security provider (WebLogic)
>>>>>>>> realm (Tomcat, Shiro, some hints in Servlet spec)
>>>>>>>> (authentication) repository
>>>>>>>> (authentication) store
>>>>>>>> login module (JAAS)
>>>>>>>> identity manager (Undertow)
>>>>>>>> service provider
>>>>>>>> relying party
>>>>>>>> authenticator (Resin, OmniSecurity, Seam Security)
>>>>>>>> user service (?, used by 375 JSR)
>>>>>>>> authentication provider (Spring Security)
>>>>>>>> identity provider
>>>>>>>>
>>>>>>>> I'd like to ask everyone on this list to vote for your preferred
>>>>>>>> term. David had already expressed favoring "store" in the JIRA issue,
>>>>>>>> which is together with "repository" also my favorite, although I
>>>>>>>> like to prefix it with "authentication".
>>>>>>>>
>>>>>>>> So the current outcome is:
>>>>>>>>
>>>>>>>> David Blevins: Store
>>>>>>>> Arjan Tijms: Authentication Store
>>>>>>>>
>>>>>>>> Kind regards,
>>>>>>>> Arjan Tijms
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Mar 19, 2015 at 3:25 AM, Alex Kosowski
>>>>>>>> <alex.kosowski_at_oracle.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I created a draft document for adding/editing EE Security API
>>>>>>>>> Terminology on an on-going basis.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> https://docs.google.com/document/d/1eaNCUa78Eytt73WYvDHrsS3klTzHL0xD5vswHhT-KVY/edit?usp=sharing
>>>>>>>>>
>>>>>>>>> This is a Google doc viewable by the public and editable by those
>>>>>>>>> in the Google Group jsr375-experts_at_googlegroups.com, of which all
>>>>>>>>> of you should be a member.
>>>>>>>>>
>>>>>>>>> Alex
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 3/8/15 5:01 PM, arjan tijms wrote:
>>>>>>>>>
>>>>>>>>> Hi there,
>>>>>>>>>
>>>>>>>>> A while ago I created
>>>>>>>>> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1, which seeks to
>>>>>>>>> establish clear terminology for two concepts that often come up in
>>>>>>>>> authentication:
>>>>>>>>>
>>>>>>>>> 1. The (user) interaction method via which credentials are
>>>>>>>>> obtained (FORM, BASIC, etc)
>>>>>>>>> 2. The store where users/callers and optionally the group/role
>>>>>>>>> data resides
>>>>>>>>>
>>>>>>>>> Not only do I see very different terms being used for both of these
>>>>>>>>> concepts, which is a problem by itself, but the lack of consistent
>>>>>>>>> terminology makes it unclear what people are really asking at times.
>>>>>>>>>
>>>>>>>>> Your thoughts?
>>>>>>>>>
>>>>>>>>> Kind regards,
>>>>>>>>> Arjan Tijms
>>>>>>>>