jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION: cast vote

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Fri, 10 Apr 2015 09:16:07 +0200

On Fri, Apr 10, 2015 at 8:44 AM, Jean-Louis Monteiro
<jlmonteiro_at_tomitribe.com> wrote:
> Oups, thought I voted but looks like no.
>
> If it's still time, "authentication store" for me if we want to really
> qualify what the store is about.
> Otherwise "store" only is enough.

Thanks!

Latest votes overview then becomes:

9 out of 14 voted:

David Blevins: Store
Arjan Tijms: Authentication Store
Alex Kosowski: Identity Store
Rudy De Busscher: Security Provider
Darran Lofthouse: Realm / Identity Store
Werner Keil: Authentication Store / Identity Store
Ajay Reddy: Identity Store / User Repository / Realm
Pedro Igor: Identity Store
Jean-Louis Monteiro: Authentication Store / Store


Organized per term:

Identity Store - 5
Authentication Store - 3
Realm - 3
Store - 1
Security Provider - 1
User Repository - 1


>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
> On Fri, Apr 10, 2015 at 12:22 AM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>>
>> On Fri, Apr 10, 2015 at 12:11 AM, Alex Kosowski
>> <alex.kosowski_at_oracle.com> wrote:
>> > I change my vote to just "Identity Store"
>>
>> Okay, so then we have:
>>
>> David Blevins: Store
>> Arjan Tijms: Authentication Store
>> Alex Kosowski: Identity Store
>> Rudy De Busscher: Security Provider
>> Darran Lofthouse: Realm / Identity Store
>> Werner Keil: Authentication Store / Identity Store
>> Ajay Reddy: Identity Store / User Repository / Realm
>> Pedro Igor: Identity Store
>>
>>
>> Organized per term:
>>
>> Identity Store - 5
>> Authentication Store - 2
>> Realm - 2
>> Store - 1
>> Security Provider - 1
>> User Repository - 1
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>> >
>> >
>> > On 4/9/15 5:56 PM, Pedro Igor Silva wrote:
>> >>
>> >> In PicketLink, IdentityStore is mainly related to how you manage
>> >> identities and relationships. Identities would be users, roles, groups,
>> >> applications, etc. And relationships would be grants (RBAC), group
>> >> membership (GBAC) and so forth. It is basically a CRUD interface, the
>> >> base for all other specific stores we have.
>> >>
>> >> Regarding authentication, there is also a specific store for
>> >> credentials, the CredentialStore. There is a reference to it in the
>> >> scope document as follows:
>> >>
>> >> "4.3.c Credentials also in Identity Store? Perhaps separate secured
>> >> store?"
>> >>
>> >> These two stores are involved during the authentication process, where
>> >> you need to load an account (e.g. a user) and authenticate based on a
>> >> specific credential type (password, TOTP, X.509, token, etc.).
>> >>
>> >> PermissionStore, on the other hand, is specific to permissions and is
>> >> not related at all to authentication. Like you said, it is related to
>> >> ACL authorization.
>> >>
>> >> I would say that in this case Identity Store makes more sense,
>> >> especially if you consider what Darran said about the potential to be
>> >> widely referenced after authentication.
>> >>
>> >> One of the reasons for different and specific stores is that you may
>> >> mix different repositories (e.g. LDAP and JPA), where each one can be
>> >> used to store only a specific type of information. For instance, use
>> >> LDAP for users and credentials, but JPA for more fine-grained
>> >> authorization with permissions/ACL. And also because each repository
>> >> has its limitations. For instance, it is really hard to support ACL or
>> >> even custom attributes in LDAP.
>> >>
>> >> Regards.
>> >> Pedro Igor
>> >>
>> >> ----- Original Message -----
>> >> From: "Werner Keil"<werner.keil_at_gmail.com>
>> >> To: jsr375-experts_at_javaee-security-spec.java.net
>> >> Sent: Thursday, April 9, 2015 12:18:32 PM
>> >> Subject: [jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore
>> >> ACTION:
>> >> cast vote
>> >>
>> >> Actually "IdentityStore" is also used in different PicketLink modules.
>> >> So it uses "PermissionStore" in the context of "Authorization"/ACL and
>> >> "IdentityStore" on the Authentication side.
>> >> If we purely deal with Authentication, either "IdentityStore" or
>> >> "AuthenticationStore" sounds best.
>> >> Otherwise I'd say "PermissionStore" (or "SecurityStore" to have another
>> >> prefix to the simple "Store") sounds more versatile.
>> >>
>> >> Werner
>> >>
>> >> On Thu, Apr 9, 2015 at 5:08 PM, Werner Keil<werner.keil_at_gmail.com>
>> >> wrote:
>> >>
>> >>> PicketLink calls it PermissionStore. I could think of variations
>> >>> including SecurityStore (just Store seems a bit too wide),
>> >>> but PermissionStore sounds fine to me.
>> >>>
>> >>> Regards,
>> >>> Werner
>> >>>
>> >>> On Thu, Apr 9, 2015 at 4:32 PM, Darran Lofthouse<
>> >>> darran.lofthouse_at_redhat.com> wrote:
>> >>>
>> >>>> Looks like I replied but did not vote ;-)
>> >>>>
>> >>>> My vote would be Realm or Identity Store.
>> >>>>
>> >>>> Whilst I agree its first use will be authentication, I think it has
>> >>>> the potential to be widely referenced after authentication.
>> >>>>
>> >>>> Regards,
>> >>>> Darran Lofthouse.
>> >>>>
>> >>>>
>> >>>>
>> >>>> On 09/04/15 15:24, arjan tijms wrote:
>> >>>>
>> >>>>> Hi,
>> >>>>>
>> >>>>> We now have 4 votes:
>> >>>>>
>> >>>>> David Blevins: Store
>> >>>>> Arjan Tijms: Authentication Store
>> >>>>> Alex Kosowski: Authentication Store / Identity Store
>> >>>>> Rudy De Busscher: Security Provider
>> >>>>>
>> >>>>> No other people have voted yet, although there have been some
>> >>>>> additional comments.
>> >>>>>
>> >>>>> Based on this, shall we establish "authentication store" as the
>> >>>>> working term? Just so we all know what we're talking about. The
>> >>>>> final term can be something else still.
>> >>>>>
>> >>>>> Kind regards,
>> >>>>> Arjan
>> >>>>>
>> >>>>> On Mon, Mar 23, 2015 at 11:13 PM, arjan tijms<arjan.tijms_at_gmail.com>
>> >>>>> wrote:
>> >>>>>
>> >>>>>> Hi,
>> >>>>>>
>> >>>>>> On Mon, Mar 23, 2015 at 10:32 PM, Alex Kosowski<
>> >>>>>> alex.kosowski_at_oracle.com>
>> >>>>>> wrote:
>> >>>>>>
>> >>>>>>> To add a 13th option,
>> >>>>>>>
>> >>>>>>> How about IdentityStore? That would reflect that we are storing
>> >>>>>>> identity attributes.
>> >>>>>>>
>> >>>>>>
>> >>>>>> I could absolutely see that working as well, sure. In terminology
>> >>>>>> it has some connection with a JSR that was started some time ago,
>> >>>>>> the Java Identity API (JSR 351), and with the term "authenticated
>> >>>>>> identity" (the more formal alternative for "logged-in user").
>> >>>>>>
>> >>>>>> But is Identity Store also a preference you have for the term, or
>> >>>>>> just an alternative idea?
>> >>>>>>
>> >>>>>> Giving the overview again, it would now be:
>> >>>>>>
>> >>>>>> David Blevins: Store
>> >>>>>> Arjan Tijms: Authentication Store
>> >>>>>> Alex Kosowski: Authentication Store / Identity Store
>> >>>>>> Rudy De Busscher: Security Provider
>> >>>>>>
>> >>>>>> Kind regards,
>> >>>>>> Arjan Tijms
>> >>>>>>
>> >>>>>>>
>> >>>>>>> On 3/23/15 5:15 PM, Rudy De Busscher wrote:
>> >>>>>>>
>> >>>>>>> Hi,
>> >>>>>>>
>> >>>>>>>> the concept of "the store where users/callers and optionally the
>> >>>>>>>> group/role data resides".
>> >>>>>>>
>> >>>>>>> Since you also have the group/role information, it is not only
>> >>>>>>> Authentication info anymore. So Authentication Store is then
>> >>>>>>> confusing.
>> >>>>>>>
>> >>>>>>> Store is indeed too general, so what about security provider (if I
>> >>>>>>> have to take a term from the list proposed here)?
>> >>>>>>>
>> >>>>>>> regards
>> >>>>>>> Rudy
>> >>>>>>>
>> >>>>>>> On 23 March 2015 at 22:03, arjan tijms<arjan.tijms_at_gmail.com>
>> >>>>>>> wrote:
>> >>>>>>>
>> >>>>>>>> Hi,
>> >>>>>>>>
>> >>>>>>>> On Monday, March 23, 2015, Alex
>> >>>>>>>> Kosowski<alex.kosowski_at_oracle.com>
>> >>>>>>>> wrote:
>> >>>>>>>>
>> >>>>>>>>> Hi Arjan,
>> >>>>>>>>>
>> >>>>>>>>> Does this indicate your preference, or is it just the term
>> >>>>>>>>> Shiro happened to use?
>> >>>>>>>>>
>> >>>>>>>>> It was just a starting point.
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>> Okay ;)
>> >>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> David Blevins: Store
>> >>>>>>>>> Arjan Tijms: Authentication Store
>> >>>>>>>>>
>> >>>>>>>>> Authentication Store is fine with me. Store seems a little
>> >>>>>>>>> broad, but less typing.
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>> Yes, for me too just store would feel too broad. AuthStore would
>> >>>>>>>> seem to work at first, but I agree with Les who stated in another
>> >>>>>>>> thread that we shouldn't use just "auth" anywhere.
>> >>>>>>>>
>> >>>>>>>> While very common, it unfortunately makes it hard to distinguish
>> >>>>>>>> between authentication and authorization.
>> >>>>>>>>
>> >>>>>>>> So we now have;
>> >>>>>>>>
>> >>>>>>>> David Blevins: Store
>> >>>>>>>> Arjan Tijms: Authentication Store
>> >>>>>>>> Alex Kosowski: Authentication Store
>> >>>>>>>>
>> >>>>>>>> Anyone else?
>> >>>>>>>>
>> >>>>>>>> Kind regards,
>> >>>>>>>> Arjan Tijms
>> >>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> Thanks,
>> >>>>>>>>> Alex
>> >>>>>>>>>
>> >>>>>>>>> On 3/20/15 8:56 AM, arjan tijms wrote:
>> >>>>>>>>>
>> >>>>>>>>> Hi,
>> >>>>>>>>>
>> >>>>>>>>> The doc is a great start, thanks Alex :)
>> >>>>>>>>>
>> >>>>>>>>> I noticed that relevant to the issue described in this thread,
>> >>>>>>>>> the document has chosen the term "Realm" for the concept of "the
>> >>>>>>>>> store where users/callers and optionally the group/role data
>> >>>>>>>>> resides".
>> >>>>>>>>>
>> >>>>>>>>> Does this indicate your preference, or is it just the term
>> >>>>>>>>> Shiro happened to use?
>> >>>>>>>>>
>> >>>>>>>>> What about a round of voting (non-binding at this stage, just to
>> >>>>>>>>> test the waters)? That way we at least can establish a working
>> >>>>>>>>> term that we can use in the different discussions and issues
>> >>>>>>>>> that have already all started to use different terms.
>> >>>>>>>>>
>> >>>>>>>>> The list of proposed terms is now the following:
>> >>>>>>>>>
>> >>>>>>>>> security provider (WebLogic)
>> >>>>>>>>> realm (Tomcat, Shiro, some hints in Servlet spec)
>> >>>>>>>>> (authentication) repository
>> >>>>>>>>> (authentication) store
>> >>>>>>>>> login module (JAAS)
>> >>>>>>>>> identity manager (Undertow)
>> >>>>>>>>> service provider
>> >>>>>>>>> relying party
>> >>>>>>>>> authenticator (Resin, OmniSecurity, Seam Security)
>> >>>>>>>>> user service (?, used by 375 JSR)
>> >>>>>>>>> authentication provider (Spring Security)
>> >>>>>>>>> identity provider
>> >>>>>>>>>
>> >>>>>>>>> I'd like to ask everyone on this list to vote for your preferred
>> >>>>>>>>> term. David had already expressed favoring "store" in the JIRA
>> >>>>>>>>> issue, which is together with "repository" also my favorite,
>> >>>>>>>>> although I like to prefix it with "authentication".
>> >>>>>>>>>
>> >>>>>>>>> So the current outcome is:
>> >>>>>>>>>
>> >>>>>>>>> David Blevins: Store
>> >>>>>>>>> Arjan Tijms: Authentication Store
>> >>>>>>>>>
>> >>>>>>>>> Kind regards,
>> >>>>>>>>> Arjan Tijms
>> >>>>>>>>>
>> >>>>>>>>> On Thu, Mar 19, 2015 at 3:25 AM, Alex Kosowski
>> >>>>>>>>> <alex.kosowski_at_oracle.com> wrote:
>> >>>>>>>>>
>> >>>>>>>>>> Hi,
>> >>>>>>>>>>
>> >>>>>>>>>> I created a draft document for adding/editing EE Security API
>> >>>>>>>>>> Terminology on an on-going basis.
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> https://docs.google.com/document/d/1eaNCUa78Eytt73WYvDHrsS3klTzHL0xD5vswHhT-KVY/edit?usp=sharing
>> >>>>>>>>>>
>> >>>>>>>>>> This is a Google doc viewable by the public and editable by
>> >>>>>>>>>> those in the Google Group jsr375-experts_at_googlegroups.com,
>> >>>>>>>>>> of which all of you should be a member.
>> >>>>>>>>>>
>> >>>>>>>>>> Alex
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> On 3/8/15 5:01 PM, arjan tijms wrote:
>> >>>>>>>>>>
>> >>>>>>>>>> Hi there,
>> >>>>>>>>>>
>> >>>>>>>>>> A while ago I created
>> >>>>>>>>>> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1, which
>> >>>>>>>>>> seeks to establish clear terminology for two concepts that
>> >>>>>>>>>> often come up in authentication:
>> >>>>>>>>>>
>> >>>>>>>>>> 1. The (user) interaction method via which credentials are
>> >>>>>>>>>> obtained (FORM, BASIC, etc.)
>> >>>>>>>>>> 2. The store where users/callers and optionally the group/role
>> >>>>>>>>>> data resides
>> >>>>>>>>>>
>> >>>>>>>>>> Not only do I see very different terms being used for both of
>> >>>>>>>>>> these concepts, which is a problem by itself, but the lack of
>> >>>>>>>>>> consistent terminology makes it unclear what people are really
>> >>>>>>>>>> asking at times.
>> >>>>>>>>>>
>> >>>>>>>>>> Your thoughts?
>> >>>>>>>>>>
>> >>>>>>>>>> Kind regards,
>> >>>>>>>>>> Arjan Tijms
>> >>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>
>> >
>
>