+1
On Sat, Oct 10, 2015 at 12:40 AM Alex Kosowski <alex.kosowski_at_oracle.com>
wrote:
> Hi,
>
> Any other comments about the Read-Only Identity Store Proposal? I think I
> have enough for an Early Draft Review section.
>
> Even a +1 would be helpful!
>
> Thanks,
> Alex
>
>
> On 9/29/15 1:42 AM, Alex Kosowski wrote:
>
> Hi Volunteers,
>
> I would like to submit for your review a third iteration of the JSR 375
> Identity Store. I think this version is simpler than the previous
> iterations, and incorporates the latest comments.
>
> Features:
> 1. Follows the simple model: Credentials in -> Caller, groups, roles out
> 2. The IdentityStore is read only, no create/update/delete for callers,
> groups, roles or credentials
> 3. Caller, Groups and Roles are just Strings, and are searchable by
> regular expression
> 4. Credential support is extendable by using CDI Qualifiers to annotate a
> CredentialValidator implementation
> 5. Standardized support for credentials, including Username/Password,
> Basic Authentication, Token
> 6. Standardized support for persistence mechanisms, including file, LDAP,
> database, and a JAAS adapter
>
> Here is a usage case example:
>
> @Inject
> IdentityStore idStore;
>
> // For example, in a JASPIC SAM...
> String caller = null;
> List<String> groups = null;
> List<String> roles = null;
> CredentialValidationResult result;
> Credential cred;
>
> cred = new UsernamePasswordCredential("john",new Password("secret"));
> result = idStore.validate(cred);
> if (Status.VALID == result.getStatus()) {
> // authentication was successful
> caller = result.getCallerName();
> groups = result.getCallerGroups();
> roles = result.getCallerRoles();
>
> // Callback JASPIC
> } else {
> // Invalid or not validated
> }
>
> I completely rewrote the Proof of Concept (POC) from the previous
> iteration and updated the proposal design doc. Let's discuss any issues you
> may have with this design.
>
> Please comment on this proposal Google doc:
>
> https://docs.google.com/document/d/1xMa32W73gPYYo53wRX60WasDDTuC7YFlI0XBm3dRym8/edit?usp=sharing
>
> The proposal Google doc should be open for comments by anyone on the
> jsr375-experts_at_googlegroups.com Google group. If you are having trouble
> commenting, please let me know. To comment, click the Comments button on
> the top right of the document.
>
> Here is the POC in the GitHub Proposal Repo:
>
> https://github.com/javaee-security-spec/javaee-security-proposals/tree/master/identity-store-readonly
>
> Note that the DatabaseIdentityStore in the POC is without an
> implementation because I ran out of time.
>
> Here is the generated JavaDoc:
> https://javaee-security-spec.java.net/
>
> What do you think? Once we come to a consensus for an acceptable Identity
> Store API design, the proposal will become the basis for the Identity Store
> section of the spec.
>
> With regards,
> Alex
>
>