jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: Read-Only Identity Store Proposal

From: Werner Keil <werner.keil_at_gmail.com>
Date: Sun, 11 Oct 2015 17:39:18 +0200

+1

Werner

On Sun, Oct 11, 2015 at 9:39 AM, Ivar Grimstad <ivar.grimstad_at_gmail.com>
wrote:

> +1
>
> On Sat, Oct 10, 2015 at 12:40 AM Alex Kosowski <alex.kosowski_at_oracle.com>
> wrote:
>
>> Hi,
>>
>> Any other comments about the Read-Only Identity Store Proposal? I think I
>> have enough for an Early Draft Review section.
>>
>> Even a +1 would be helpful!
>>
>> Thanks,
>> Alex
>>
>>
>> On 9/29/15 1:42 AM, Alex Kosowski wrote:
>>
>> Hi Volunteers,
>>
>> I would like to submit for your review a third iteration of the JSR 375
>> Identity Store. I think this version is simpler than the previous
>> iterations, and incorporates the latest comments.
>>
>> Features:
>> 1. Follows the simple model: Credentials in -> Caller, groups, roles out
>> 2. The IdentityStore is read only, no create/update/delete for callers,
>> groups, roles or credentials
>> 3. Caller, Groups and Roles are just Strings, and are searchable by
>> regular expression
>> 4. Credential support is extendable by using CDI Qualifiers to annotate a
>> CredentialValidator implementation
>> 5. Standardized support for credentials, including Username/Password,
>> Basic Authentication, Token
>> 6. Standardized support for persistence mechanisms, including file, LDAP,
>> database, and a JAAS adapter
>>
>> Here is a usage case example:
>>
>> @Inject
>> IdentityStore idStore;
>>
>> // For example, in a JASPIC SAM...
>> String caller = null;
>> List<String> groups = null;
>> List<String> roles = null;
>> CredentialValidationResult result;
>> Credential cred;
>>
>> cred = new UsernamePasswordCredential("john", new Password("secret"));
>> result = idStore.validate(cred);
>> if (Status.VALID == result.getStatus()) {
>>     // authentication was successful
>>     caller = result.getCallerName();
>>     groups = result.getCallerGroups();
>>     roles = result.getCallerRoles();
>>
>>     // Callback JASPIC
>> } else {
>>     // Invalid or not validated
>> }
>>
>> I completely rewrote the Proof of Concept (POC) from the previous
>> iteration and updated the proposal design doc. Let's discuss any issues you
>> may have with this design.
>>
>> Please comment on this proposal Google doc:
>>
>> https://docs.google.com/document/d/1xMa32W73gPYYo53wRX60WasDDTuC7YFlI0XBm3dRym8/edit?usp=sharing
>>
>> The proposal Google doc should be open for comments by anyone on the
>> jsr375-experts_at_googlegroups.com Google group. If you are having trouble
>> commenting, please let me know. To comment, click the Comments button on
>> the top right of the document.
>>
>> Here is the POC in the GitHub Proposal Repo:
>>
>> https://github.com/javaee-security-spec/javaee-security-proposals/tree/master/identity-store-readonly
>>
>> Note that the DatabaseIdentityStore in the POC is without an
>> implementation because I ran out of time.
>>
>> Here is the generated JavaDoc:
>> https://javaee-security-spec.java.net/
>>
>> What do you think? Once we come to a consensus for an acceptable Identity
>> Store API design, the proposal will become the basis for the Identity Store
>> section of the spec.
>>
>> With regards,
>> Alex
>>
>>
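A worked version of the usage pattern quoted in this thread, written as an added example for this archive page and not taken from the proposal repository, the POC or the JavaDoc. The type names (IdentityStore, Credential, UsernamePasswordCredential, Password, CredentialValidationResult, Status) follow the snippet above; their exact shapes, the INVALID and NOT_VALIDATED status values, and the InMemoryIdentityStore class are assumptions. The store is read-only by construction (entries are fixed when it is built and validate() only reads them), keeps salted PBKDF2 hashes rather than passwords, compares hashes in constant time, and runs the same hash work for unknown callers so validation time does not reveal which names exist.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Stand-ins for the proposal's types. Names follow the usage snippet in the thread;
// constructors and the non-VALID status values are assumed for this example.
interface Credential {}

final class Password {
    private final char[] value;
    Password(String s) { value = s.toCharArray(); }
    char[] getValue() { return value.clone(); }
}

final class UsernamePasswordCredential implements Credential {
    final String caller;
    final Password password;
    UsernamePasswordCredential(String caller, Password password) {
        this.caller = caller;
        this.password = password;
    }
}

enum Status { VALID, INVALID, NOT_VALIDATED }

final class CredentialValidationResult {
    private final Status status;
    private final String callerName;
    private final List<String> groups, roles;
    CredentialValidationResult(Status status, String callerName, List<String> groups, List<String> roles) {
        this.status = status; this.callerName = callerName; this.groups = groups; this.roles = roles;
    }
    Status getStatus() { return status; }
    String getCallerName() { return callerName; }
    List<String> getCallerGroups() { return groups; }
    List<String> getCallerRoles() { return roles; }
}

interface IdentityStore {
    CredentialValidationResult validate(Credential credential);
}

// Hypothetical read-only store: "credentials in -> caller, groups, roles out", nothing else.
final class InMemoryIdentityStore implements IdentityStore {
    private static final int ITERATIONS = 100_000, KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();
    private static final CredentialValidationResult INVALID =
        new CredentialValidationResult(Status.INVALID, null, List.of(), List.of());
    private static final CredentialValidationResult NOT_VALIDATED =
        new CredentialValidationResult(Status.NOT_VALIDATED, null, List.of(), List.of());

    // One stored caller: salt + PBKDF2 hash, never the password itself.
    static final class Entry {
        final byte[] salt, hash; final List<String> groups, roles;
        Entry(byte[] salt, byte[] hash, List<String> groups, List<String> roles) {
            this.salt = salt; this.hash = hash; this.groups = List.copyOf(groups); this.roles = List.copyOf(roles);
        }
    }

    // Builds an entry; used only while assembling the map handed to the constructor.
    static Entry entry(String password, List<String> groups, List<String> roles) {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return new Entry(salt, pbkdf2(password.toCharArray(), salt), groups, roles);
    }

    private static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    private final Map<String, Entry> entries;
    private final Entry dummy = entry("dummy", List.of(), List.of()); // hashed against for unknown callers

    InMemoryIdentityStore(Map<String, Entry> entries) {
        this.entries = Collections.unmodifiableMap(new HashMap<>(entries)); // no mutation path after this
    }

    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            return NOT_VALIDATED; // this store only knows how to validate username/password
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        Entry e = entries.getOrDefault(upc.caller, dummy);
        byte[] computed = pbkdf2(upc.password.getValue(), e.salt); // same work for known and unknown names
        boolean ok = e != dummy && MessageDigest.isEqual(computed, e.hash); // constant-time compare
        return ok ? new CredentialValidationResult(Status.VALID, upc.caller, e.groups, e.roles) : INVALID;
    }

    public static void main(String[] args) {
        // Constructed sample data, not from the proposal.
        IdentityStore idStore = new InMemoryIdentityStore(Map.of(
            "john", entry("secret", List.of("users"), List.of("viewer"))));
        CredentialValidationResult result =
            idStore.validate(new UsernamePasswordCredential("john", new Password("secret")));
        if (Status.VALID == result.getStatus()) {
            System.out.println("caller=" + result.getCallerName()
                + " groups=" + result.getCallerGroups() + " roles=" + result.getCallerRoles());
        }
        System.out.println(idStore.validate(new UsernamePasswordCredential("john", new Password("wrong"))).getStatus());
        System.out.println(idStore.validate(new UsernamePasswordCredential("nobody", new Password("secret"))).getStatus());
        System.out.println(idStore.validate(new Credential() {}).getStatus());
    }
}
```

The three non-VALID calls at the end exercise the two outcomes the snippet's else-branch lumps together: a wrong password or unknown caller yields INVALID, while a credential type the store cannot handle yields NOT_VALIDATED, which is the distinction a SAM needs when several stores are consulted in turn.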