jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Will update Read-Only Identity Store Proposal

From: Alex Kosowski <alex.kosowski_at_oracle.com>
Date: Tue, 13 Oct 2015 10:54:39 -0400

Hi,

I just wanted to mention that I will revise the proposal doc/code based
on the comments, and republish the proposal. I will also provide a
high-level list of updates, in case you have lost track of the discussions.

Thanks for your help!
Alex

On 9/29/15 1:42 AM, Alex Kosowski wrote:
> Hi Volunteers,
>
> I would like to submit for your review a third iteration of the JSR
> 375 Identity Store. I think this version is simpler than the previous
> iterations, and incorporates the latest comments.
>
> Features:
> 1. Follows the simple model: Credentials in -> Caller, groups, roles out
> 2. The IdentityStore is read only, no create/update/delete for
> callers, groups, roles or credentials
> 3. Caller, Groups and Roles are just Strings, and are searchable by
> regular expression
> 4. Credential support is extendable by using CDI Qualifiers to
> annotate a CredentialValidator implementation
> 5. Standardized support for credentials, including Username/Password,
> Basic Authentication, Token
> 6. Standardized support for persistence mechanisms, including file,
> LDAP, database, and a JAAS adapter
>
> Here is a use-case example:
>
> @Inject
> IdentityStore idStore;
>
> // For example, in a JASPIC SAM...
> String caller = null;
> List<String> groups = null;
> List<String> roles = null;
> CredentialValidationResult result;
> Credential cred;
>
> cred = new UsernamePasswordCredential("john", new Password("secret"));
> result = idStore.validate(cred);
> if (Status.VALID == result.getStatus()) {
>     // authentication was successful
>     caller = result.getCallerName();
>     groups = result.getCallerGroups();
>     roles = result.getCallerRoles();
>
>     // Callback JASPIC
> } else {
>     // Invalid or not validated
> }
>
> I completely rewrote the Proof of Concept (POC) from the previous
> iteration and updated the proposal design doc. Let's discuss any
> issues you may have with this design.
>
> Please comment on this proposal Google doc:
> https://docs.google.com/document/d/1xMa32W73gPYYo53wRX60WasDDTuC7YFlI0XBm3dRym8/edit?usp=sharing
>
> The proposal Google doc should be open for comments by anyone on the
> jsr375-experts_at_googlegroups.com Google group. If you are having
> trouble commenting, please let me know. To comment, click the Comments
> button on the top right of the document.
>
> Here is the POC in the GitHub Proposal Repo:
> https://github.com/javaee-security-spec/javaee-security-proposals/tree/master/identity-store-readonly
>
> Note that the DatabaseIdentityStore in the POC is without an
> implementation because I ran out of time.
>
> Here is the generated JavaDoc:
> https://javaee-security-spec.java.net/
>
> What do you think? Once we come to a consensus for an acceptable
> Identity Store API design, the proposal will become the basis for the
> Identity Store section of the spec.
>
> With regards,
> Alex
>
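The quoted snippet stops at "// Callback JASPIC". The following is an added example, written for this archive page and not code from the proposal, the POC repository or the spec: a JASPIC ServerAuthModule that turns an HTTP Basic Authorization header into the proposal's UsernamePasswordCredential, asks the read-only IdentityStore to validate it, and hands the resulting caller and groups to the container through the standard CallerPrincipalCallback and GroupPrincipalCallback. Assumptions not stated in the mail: the proposal types are imported from a package named here as javax.security.identitystore; Status is the enum returned by CredentialValidationResult.getStatus(); and the SAM fetches the store through CDI.current() rather than @Inject, because a SAM is instantiated by the JASPIC provider and is not itself a CDI bean. The Basic-header parsing and the 401 challenge are ordinary JASPIC/Servlet code and are independent of the proposal.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Map;

import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Assumed package for the proposal's types; the mail does not name one.
import javax.security.identitystore.CredentialValidationResult;
import javax.security.identitystore.CredentialValidationResult.Status;
import javax.security.identitystore.IdentityStore;
import javax.security.identitystore.credential.Password;
import javax.security.identitystore.credential.UsernamePasswordCredential;

// Example SAM (not part of the proposal): Basic auth validated by the IdentityStore.
public class BasicAuthIdentityStoreSam implements ServerAuthModule {

    private static final String REALM = "example";   // assumed realm name
    private CallbackHandler handler;

    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options) throws AuthException {
        this.handler = handler;
    }

    @Override
    public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

        UsernamePasswordCredential cred = parseBasicHeader(request.getHeader("Authorization"));
        if (cred == null) {
            return challenge(response);              // no or malformed credentials
        }

        // Credentials in -> caller, groups, roles out (the proposal's model).
        IdentityStore idStore = CDI.current().select(IdentityStore.class).get();
        CredentialValidationResult result = idStore.validate(cred);

        // Unknown caller and wrong password both land here and get the same 401,
        // so the SAM does not reveal which user names exist in the store.
        if (result.getStatus() != Status.VALID) {
            return challenge(response);
        }

        String caller = result.getCallerName();
        List<String> groups = result.getCallerGroups();
        try {
            // "Callback JASPIC": establish the caller principal and its groups.
            handler.handle(new Callback[] {
                new CallerPrincipalCallback(clientSubject, caller),
                new GroupPrincipalCallback(clientSubject, groups.toArray(new String[0]))
            });
        } catch (Exception e) {
            throw (AuthException) new AuthException("JASPIC callback failed").initCause(e);
        }
        return AuthStatus.SUCCESS;
    }

    // Returns null for a missing or malformed header; the caller treats that
    // exactly like a failed validation rather than as a distinct error.
    static UsernamePasswordCredential parseBasicHeader(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;                             // not valid base64
        }
        String pair = new String(decoded, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');               // RFC 7617: user-id cannot contain ':'
        if (colon <= 0) {
            return null;                             // no separator or empty user-id
        }
        return new UsernamePasswordCredential(pair.substring(0, colon),
                                              new Password(pair.substring(colon + 1)));
    }

    private AuthStatus challenge(HttpServletResponse response) {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthStatus.SEND_FAILURE;
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) {
        return AuthStatus.SEND_SUCCESS;
    }

    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) {
        subject.getPrincipals().clear();
    }
}
```

Only the groups are passed to GroupPrincipalCallback; the roles the proposal also returns have no JASPIC callback of their own, and how group-to-role mapping is applied remains container-specific. Because the store is read-only, the SAM never touches caller or credential data, which is the split the proposal is aiming for: the SAM owns the HTTP protocol, the store owns validation.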