jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION: cast vote

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Mon, 13 Apr 2015 19:46:05 +0200

Hi,

On Monday, April 13, 2015, Adam Bien <abien_at_adam-bien.com> wrote:

> I'm for Identity Store or Realm


I think that means we have a winner ;)

Identity store - 8
Realm - 4

If the 3 remaining people would all vote realm now then identity store
would still win.



> I think Java EE borrowed the term "Realm" from Basic Authentication:
> http://tools.ietf.org/html/rfc2617 ("Protection Space")


I think so too, and I always got the feeling that "realm" should only apply
to basic authentication in web.xml. But because of a lack of any other
way it's also often used for the FORM authentication mechanism to let the
user indicate which identity store to use for it.

Kind regards,
Arjan Tijms




>
> A realm could be anything, but from pragmatic point of view it is an
> Identity Store.
> > On 13.04.2015, at 17:52, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> >
> > Hi,
> >
> > On Fri, Apr 10, 2015 at 10:23 AM, Ivar Grimstad <ivar.grimstad_at_gmail.com> wrote:
> >> Identity Store for me.
> >
> > Thanks for the vote! Current status is now:
> >
> > 10 out of 14 voted:
> >
> > David Blevins: Store
> > Arjan Tijms: Authentication Store
> > Alex Kosowski: Identity Store
> > Rudy De Busscher: Security Provider
> > Darran Lofthouse: Realm / Identity Store
> > Werner Keil: Authentication Store / Identity Store
> > Ajay Reddy: Identity Store / User Repository / Realm
> > Pedro Igor: Identity Store
> > Jean-Louis Monteiro: Authentication Store / Store
> > Ivar Grimstad: Identity Store
> >
> >
> > Organized per term:
> >
> > Identity Store - 6
> > Authentication Store - 3
> > Realm - 3
> > Store - 1
> > Security Provider - 1
> > User Repository - 1
> >
> > I'm willing to change my vote to "Identity Store" as well, so we'd then have:
> >
> > David Blevins: Store
> > Arjan Tijms: Identity Store
> > Alex Kosowski: Identity Store
> > Rudy De Busscher: Security Provider
> > Darran Lofthouse: Realm / Identity Store
> > Werner Keil: Authentication Store / Identity Store
> > Ajay Reddy: Identity Store / User Repository / Realm
> > Pedro Igor: Identity Store
> > Jean-Louis Monteiro: Authentication Store / Store
> > Ivar Grimstad: Identity Store
> >
> >
> > Organized per term:
> >
> > Identity Store - 7
> > Realm - 3
> > Authentication Store - 2
> > Store - 1
> > Security Provider - 1
> > User Repository - 1
> >
> > So if Adam Bien, Will Hopkins, Matt Konda and Les Hazlewood all voted
> > "realm" we'd have a tie, but otherwise there's not much that stands in
> > the way of "identity store" for the working term.
> >
> > Kind regards,
> > Arjan Tijms
> >
> >>
> >> On Apr 10, 2015 9:16 AM, "arjan tijms" <arjan.tijms_at_gmail.com> wrote:
> >>>
> >>> On Fri, Apr 10, 2015 at 8:44 AM, Jean-Louis Monteiro
> >>> <jlmonteiro_at_tomitribe.com> wrote:
> >>>> Oops, thought I voted but looks like no.
> >>>>
> >>>> If it's still time, "authentication store" for me if we want to really
> >>>> qualify what the store is about.
> >>>> Otherwise "store" only is enough.
> >>>
> >>> Thanks!
> >>>
> >>> Latest votes overview then becomes:
> >>>
> >>> 9 out of 14 voted:
> >>>
> >>> David Blevins: Store
> >>> Arjan Tijms: Authentication Store
> >>> Alex Kosowski: Identity Store
> >>> Rudy De Busscher: Security Provider
> >>> Darran Lofthouse: Realm / Identity Store
> >>> Werner Keil: Authentication Store / Identity Store
> >>> Ajay Reddy: Identity Store / User Repository / Realm
> >>> Pedro Igor: Identity Store
> >>> Jean-Louis Monteiro: Authentication Store / Store
> >>>
> >>>
> >>> Organized per term:
> >>>
> >>> Identity Store - 5
> >>> Authentication Store - 3
> >>> Realm - 3
> >>> Store - 1
> >>> Security Provider - 1
> >>> User Repository - 1
> >>>
> >>>
> >>>>
> >>>> --
> >>>> Jean-Louis Monteiro
> >>>> http://twitter.com/jlouismonteiro
> >>>> http://www.tomitribe.com
> >>>>
> >>>> On Fri, Apr 10, 2015 at 12:22 AM, arjan tijms <arjan.tijms_at_gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> On Fri, Apr 10, 2015 at 12:11 AM, Alex Kosowski
> >>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>> I change my vote to just "Identity Store"
> >>>>>
> >>>>> Okay, so then we have:
> >>>>>
> >>>>> David Blevins: Store
> >>>>> Arjan Tijms: Authentication Store
> >>>>> Alex Kosowski: Identity Store
> >>>>> Rudy De Busscher: Security Provider
> >>>>> Darran Lofthouse: Realm / Identity Store
> >>>>> Werner Keil: Authentication Store / Identity Store
> >>>>> Ajay Reddy: Identity Store / User Repository / Realm
> >>>>> Pedro Igor: Identity Store
> >>>>>
> >>>>>
> >>>>> Organized per term:
> >>>>>
> >>>>> Identity Store - 5
> >>>>> Authentication Store - 2
> >>>>> Realm - 2
> >>>>> Store - 1
> >>>>> Security Provider - 1
> >>>>> User Repository - 1
> >>>>>
> >>>>> Kind regards,
> >>>>> Arjan Tijms
> >>>>>
> >>>>>
> >>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 4/9/15 5:56 PM, Pedro Igor Silva wrote:
> >>>>>>>
> >>>>>>> In PicketLink, IdentityStore is mainly related to how you manage
> >>>>>>> identities and relationships. Identities would be users, roles, groups,
> >>>>>>> applications, etc. And relationships would be grants (rbac), group
> >>>>>>> membership (gbac) and so forth. It is basically a CRUD interface, the base
> >>>>>>> for all the other specific stores we have.
> >>>>>>>
> >>>>>>> Regarding authentication, there is also a specific store for credentials,
> >>>>>>> the CredentialStore. There is a reference to it in the scope document as
> >>>>>>> follows:
> >>>>>>>
> >>>>>>> "4.3.c Credentials also in Identity Store? Perhap separate secured
> >>>>>>> store?"
> >>>>>>>
> >>>>>>> These two stores are involved during the authentication process, where you
> >>>>>>> need to load an account (e.g. user) and authenticate based on a specific
> >>>>>>> credential type (password, totp, X.509, token, etc).
> >>>>>>>
> >>>>>>> PermissionStore, on the other hand, is specific for permissions and is not
> >>>>>>> related at all to authentication. Like you said, it is related to ACL
> >>>>>>> authorization.
> >>>>>>>
> >>>>>>> I would say that in this case Identity Store makes more sense, especially
> >>>>>>> if you consider what Darran said about the potential to be widely
> >>>>>>> referenced after authentication.
> >>>>>>>
> >>>>>>> One of the reasons for different and specific stores is that you may mix
> >>>>>>> different repositories (e.g. LDAP and JPA), where each one can be used to
> >>>>>>> store only a specific type of information. For instance, use LDAP for users
> >>>>>>> and credentials, but JPA for more fine-grained authorization with
> >>>>>>> permissions/ACL. And also because each repository has its limitations. For
> >>>>>>> instance, it is really hard to support ACL or even custom attributes in
> >>>>>>> LDAP.
> >>>>>>>
> >>>>>>> Regards.
> >>>>>>> Pedro Igor
> >>>>>>>
> >>>>>>> ----- Original Message -----
> >>>>>>> From: "Werner Keil"<werner.keil_at_gmail.com>
> >>>>>>> To: jsr375-experts_at_javaee-security-spec.java.net
> >>>>>>> Sent: Thursday, April 9, 2015 12:18:32 PM
> >>>>>>> Subject: [jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION: cast vote
> >>>>>>>
> >>>>>>> Actually "IdentityStore" is also used in different PicketLink modules.
> >>>>>>> So it uses "PermissionStore" in the context of "Authorization"/ACL and
> >>>>>>> "IdentityStore" on the Authentication side.
> >>>>>>> If we purely deal with Authentication, either "IdentityStore" or
> >>>>>>> "AuthenticationStore" sound best.
> >>>>>>> Otherwise I'd say "PermissionStore" (or "SecurityStore" to have another
> >>>>>>> prefix to the simple "Store") sound more versatile.
> >>>>>>>
> >>>>>>> Werner
> >>>>>>>
> >>>>>>> On Thu, Apr 9, 2015 at 5:08 PM, Werner Keil<werner.keil_at_gmail.com>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> PicketLink calls it PermissionStore. I could think of variations
> >>>>>>>> including SecurityStore (just Store seems a bit too wide)
> >>>>>>>> but PermissionStore sounds fine to me.
> >>>>>>>>
> >>>>>>>> Regards,
> >>>>>>>> Werner
> >>>>>>>>
> >>>>>>>> On Thu, Apr 9, 2015 at 4:32 PM, Darran Lofthouse
> >>>>>>>> <darran.lofthouse_at_redhat.com> wrote:
> >>>>>>>>
> >>>>>>>>> Looks like I replied but did not vote ;-)
> >>>>>>>>>
> >>>>>>>>> My vote would be Realm or Identity Store.
> >>>>>>>>>
> >>>>>>>>> Whilst I agree its first use will be authentication I think it has the
> >>>>>>>>> potential to be widely referenced after authentication.
> >>>>>>>>>
> >>>>>>>>> Regards,
> >>>>>>>>> Darran Lofthouse.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On 09/04/15 15:24, arjan tijms wrote:
> >>>>>>>>>
> >>>>>>>>>> Hi,
> >>>>>>>>>>
> >>>>>>>>>> We now have 4 votes:
> >>>>>>>>>>
> >>>>>>>>>> David Blevins: Store
> >>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>> Alex Kosowski: Authentication Store / Identity Store
> >>>>>>>>>> Rudy De Busscher: Security Provider
> >>>>>>>>>>
> >>>>>>>>>> No other people have voted yet, although there have been some
> >>>>>>>>>> additional comments.
> >>>>>>>>>>
> >>>>>>>>>> Based on this, shall we establish "authentication store" as the
> >>>>>>>>>> working term? Just so we all know what we're talking about. The final
> >>>>>>>>>> term can be something else still.
> >>>>>>>>>>
> >>>>>>>>>> Kind regards,
> >>>>>>>>>> Arjan
> >>>>>>>>>>
> >>>>>>>>>> On Mon, Mar 23, 2015 at 11:13 PM, arjan tijms<arjan.tijms_at_gmail.com>
> >>>>>>>>>> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Hi,
> >>>>>>>>>>>
> >>>>>>>>>>> On Mon, Mar 23, 2015 at 10:32 PM, Alex Kosowski
> >>>>>>>>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> To add a 13th option,
> >>>>>>>>>>>>
> >>>>>>>>>>>> How about IdentityStore? That would reflect that we are storing
> >>>>>>>>>>>> identity attributes.
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> I could absolutely see that working as well, sure. In terminology it
> >>>>>>>>>>> has some connection with a JSR that was started some time ago, the
> >>>>>>>>>>> Java Identity API (JSR 351), and with the term "authenticated
> >>>>>>>>>>> identity" (the more formal alternative for "logged-in user").
> >>>>>>>>>>>
> >>>>>>>>>>> But is Identity Store also a preference you have for the term, or
> >>>>>>>>>>> just an alternative idea?
> >>>>>>>>>>>
> >>>>>>>>>>> Giving the overview again, it would now be:
> >>>>>>>>>>>
> >>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>> Alex Kosowski: Authentication Store / Identity Store
> >>>>>>>>>>> Rudy De Busscher: Security Provider
> >>>>>>>>>>>
> >>>>>>>>>>> Kind regards,
> >>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 3/23/15 5:15 PM, Rudy De Busscher wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Hi,
> >>>>>>>>>>>>
> >>>>>>>>>>>> the concept of "the store where users/callers and optionally
> >>>>>>>>>>>> the
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> group/role data resides".
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> Since you also have the group/role information, it is not only
> >>>>>>>>>>>> Authentication info anymore. So Authentication Store is then
> >>>>>>>>>>>> confusing.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Store is indeed too general, so what about security provider (if I
> >>>>>>>>>>>> have to take a term from the list proposed here)?
> >>>>>>>>>>>>
> >>>>>>>>>>>> regards
> >>>>>>>>>>>> Rudy
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 23 March 2015 at 22:03, arjan tijms<arjan.tijms_at_gmail.com>
> >>>>>>>>>>>> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Monday, March 23, 2015, Alex Kosowski<alex.kosowski_at_oracle.com>
> >>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi Arjan,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Does this indicate your preference, or is it just the term Shiro
> >>>>>>>>>>>>>> happened to use?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> It was just a starting point.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Okay ;)
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Authentication Store is fine with me. Store seems a little broad,
> >>>>>>>>>>>>>> but less typing.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Yes, for me too just store would feel too broad. AuthStore would
> >>>>>>>>>>>>> seem to work at first, but I agree with Les who stated in another
> >>>>>>>>>>>>> thread that we shouldn't use just "auth" anywhere.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> While very common, it unfortunately makes it hard to distinguish
> >>>>>>>>>>>>> between authentication and authorization.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> So we now have:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>> Alex Kosowski: Authentication Store
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Anyone else?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>> Alex
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On 3/20/15 8:56 AM, arjan tijms wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> The doc is a great start, thanks Alex :)
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I noticed that relevant to the issue described in this thread, the
> >>>>>>>>>>>>>> document has chosen the term "Realm" for the concept of "the store
> >>>>>>>>>>>>>> where users/callers and optionally the group/role data resides".
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Does this indicate your preference, or is it just the term Shiro
> >>>>>>>>>>>>>> happened to use?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> What about a round of voting (non-binding at this stage, just to
> >>>>>>>>>>>>>> test the waters)? That way we at least can establish a working term
> >>>>>>>>>>>>>> that we can use in the different discussions and issues that have
> >>>>>>>>>>>>>> already all started to use different terms.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> The list of proposed terms is now the following:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> security provider (WebLogic)
> >>>>>>>>>>>>>> realm (Tomcat, Shiro, some hints in Servlet spec)
> >>>>>>>>>>>>>> (authentication) repository
> >>>>>>>>>>>>>> (authentication) store
> >>>>>>>>>>>>>> login module (JAAS)
> >>>>>>>>>>>>>> identity manager (Undertow)
> >>>>>>>>>>>>>> service provider
> >>>>>>>>>>>>>> relying party
> >>>>>>>>>>>>>> authenticator (Resin, OmniSecurity, Seam Security)
> >>>>>>>>>>>>>> user service (?, used by 375 JSR)
> >>>>>>>>>>>>>> authentication provider (Spring Security)
> >>>>>>>>>>>>>> identity provider
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I'd like to ask everyone on this list to vote for your preferred
> >>>>>>>>>>>>>> term. David had already expressed favoring "store" in the JIRA
> >>>>>>>>>>>>>> issue, which is together with "repository" also my favorite,
> >>>>>>>>>>>>>> although I like to prefix it with "authentication".
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> So the current outcome is:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> David Blevins: Store
> >>>>>>>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Thu, Mar 19, 2015 at 3:25 AM, Alex Kosowski
> >>>>>>>>>>>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I created a draft document for adding/editing EE Security API
> >>>>>>>>>>>>>>> Terminology on an on-going basis.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> https://docs.google.com/document/d/1eaNCUa78Eytt73WYvDHrsS3klTzHL0xD5vswHhT-KVY/edit?usp=sharing
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> This is a Google doc viewable by the public and editable by those
> >>>>>>>>>>>>>>> in the Google Group jsr375-experts_at_googlegroups.com, of which all
> >>>>>>>>>>>>>>> of you should be a member.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Alex
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On 3/8/15 5:01 PM, arjan tijms wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi there,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> A while ago I created
> >>>>>>>>>>>>>>> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1, which seeks to
> >>>>>>>>>>>>>>> establish clear terminology for two concepts that often come up in
> >>>>>>>>>>>>>>> authentication:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> 1. The (user) interaction method via which credentials are obtained
> >>>>>>>>>>>>>>> (FORM, BASIC, etc)
> >>>>>>>>>>>>>>> 2. The store where users/callers and optionally the group/role data
> >>>>>>>>>>>>>>> resides
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Not only do I see very different terms being used for both of these
> >>>>>>>>>>>>>>> concepts which is a problem by itself, but the lack of consistent
> >>>>>>>>>>>>>>> terminology makes it unclear what people are really asking at
> >>>>>>>>>>>>>>> times.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Your thoughts?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Kind regards,
> >>>>>>>>>>>>>>> Arjan Tijms
> >>>>>>>>>>>>>>>