users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: [JAVAEE_SECURITY_SPEC-6] Password Aliasing - is it necessary?

From: Darran Lofthouse <darran.lofthouse_at_redhat.com>
Date: Mon, 20 Apr 2015 13:41:58 +0100

On 10/04/15 07:50, Jean-Louis Monteiro wrote:
>
>
> Or, do we mean we want something like a client-side (outbound)
> authentication method that is set in an API, which corresponds to a
> ClientAuthenticationModule that understands the authentication
> method,
> and knows how to get/use the credentials. This would not be a string
> replacement alias, but rather something like a simple API for any
> client-side authentication?
>
>
> I am thinking the latter, i.e. the simple API. At the same time this
> would also need a close relationship with SSL.
>
>
> Do you have real use cases for that?

This is something I have experienced in a couple of places within JBoss
AS7 and WildFly where we have outbound connections. Sometimes this is
where we have a server-to-server connection; another case that pops up is
where we connect to LDAP servers.

Where authentication is going to use username / password based
authentication, having some form of alias to reference the password in a
secure store works well, but we also have a couple of additional cases.

The first is SSL where the client's certificate is being used.

The next case is Kerberos authentication where, in its present form, a
suitably populated Subject needs to be provided.

The real point is that there are different ways the identity of the client
side can be established, and the username with protected password is just
one of them.

> In my head and from my experience, replacing clear passwords with
> tokens/aliases would have been very useful in many projects, but to be
> honest I'm still trying to figure out the API usage.
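The following is an added illustration of the two approaches contrasted in this thread; it is not code from the thread, from the JSR 375 specification, or from JBoss AS7 / WildFly. It assumes a `${ALIAS=name}` token syntax for the string-replacement style of aliasing, backs the "secure store" with an in-memory PKCS12 `KeyStore` holding `SecretKeyEntry` values, and shows a hypothetical `OutboundCredential` interface under which a resolved password, a client certificate and a Kerberos `Subject` are just three interchangeable ways of establishing the client-side identity. All class names and the sample alias value are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;

public class PasswordAliasDemo {

    /** Alias -> secret store backed by an in-memory PKCS12 KeyStore (hypothetical helper). */
    static final class AliasStore {
        private static final Pattern ALIAS = Pattern.compile("\\$\\{ALIAS=([A-Za-z0-9._-]+)\\}");
        private final KeyStore ks;
        private final KeyStore.PasswordProtection protection;

        AliasStore(char[] storePassword) throws Exception {
            ks = KeyStore.getInstance("PKCS12");
            ks.load(null, null);                       // empty, in-memory store
            protection = new KeyStore.PasswordProtection(storePassword);
        }

        /** Store the raw password bytes as a generic secret key entry under the alias. */
        void put(String alias, char[] secret) throws Exception {
            byte[] raw = new String(secret).getBytes(StandardCharsets.UTF_8);
            ks.setEntry(alias, new KeyStore.SecretKeyEntry(new SecretKeySpec(raw, "AES")), protection);
        }

        char[] get(String alias) throws Exception {
            KeyStore.Entry e = ks.getEntry(alias, protection);
            if (!(e instanceof KeyStore.SecretKeyEntry)) {
                throw new IllegalArgumentException("unknown alias: " + alias);
            }
            byte[] raw = ((KeyStore.SecretKeyEntry) e).getSecretKey().getEncoded();
            return new String(raw, StandardCharsets.UTF_8).toCharArray();
        }

        /** String-replacement aliasing: expand every ${ALIAS=name} token in a config value. */
        String resolve(String configValue) throws Exception {
            Matcher m = ALIAS.matcher(configValue);
            StringBuffer out = new StringBuffer();
            while (m.find()) {
                m.appendReplacement(out, Matcher.quoteReplacement(new String(get(m.group(1)))));
            }
            m.appendTail(out);
            return out.toString();
        }
    }

    /** The "simple API" alternative: the caller asks for a credential, not for a string. */
    interface OutboundCredential { String describe(); }

    static final class PasswordCredential implements OutboundCredential {
        private final String username; private final char[] password;
        PasswordCredential(String username, char[] password) { this.username = username; this.password = password; }
        public String describe() { return "username/password for " + username + " (" + password.length + " chars)"; }
    }

    static final class ClientCertificateCredential implements OutboundCredential {
        private final X509Certificate cert;
        ClientCertificateCredential(X509Certificate cert) { this.cert = cert; }
        public String describe() { return "client certificate " + cert.getSubjectX500Principal(); }
    }

    static final class KerberosSubjectCredential implements OutboundCredential {
        private final Subject subject;
        KerberosSubjectCredential(Subject subject) { this.subject = subject; }
        public String describe() { return "Kerberos subject with " + subject.getPrincipals().size() + " principal(s)"; }
    }

    public static void main(String[] args) throws Exception {
        AliasStore store = new AliasStore("store-password".toCharArray());      // constructed value
        store.put("ldap.bind.password", "example-only-secret".toCharArray());     // constructed value

        // Style 1: a config value carries an alias token; only the resolver ever sees the secret.
        String bindDn = "cn=admin,dc=example,dc=org";
        String resolved = store.resolve("${ALIAS=ldap.bind.password}");
        System.out.println("resolved " + resolved.length() + " chars for " + bindDn);

        // Style 2: the outbound connector accepts any OutboundCredential; the password is one option.
        OutboundCredential viaAlias = new PasswordCredential(bindDn, store.get("ldap.bind.password"));
        OutboundCredential viaKerberos = new KerberosSubjectCredential(new Subject());
        System.out.println(viaAlias.describe());
        System.out.println(viaKerberos.describe());
    }
}
```

The resolver deliberately never logs the expanded value, only its length; in a real deployment the store would be loaded from a password-protected keystore file rather than created empty in memory, and the store password itself would come from a source outside the configuration being resolved.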