users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION: cast vote

From: Jean-Louis Monteiro <jlmonteiro_at_tomitribe.com>
Date: Fri, 10 Apr 2015 08:44:52 +0200

Oops, thought I voted but looks like no.

If it's still time, "authentication store" for me if we want to really
qualify what the store is about.
Otherwise "store" only is enough.

--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Fri, Apr 10, 2015 at 12:22 AM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> On Fri, Apr 10, 2015 at 12:11 AM, Alex Kosowski
> <alex.kosowski_at_oracle.com> wrote:
> > I change my vote to just "Identity Store"
>
> Okay, so then we have:
>
> David Blevins: Store
> Arjan Tijms: Authentication Store
> Alex Kosowski: Identity Store
> Rudy De Busscher: Security Provider
> Darran Lofthouse: Realm / Identity Store
> Werner Keil: Authentication Store / Identity Store
> Ajay Reddy: Identity Store / User Repository / Realm
> Pedro Igor: Identity Store
>
>
> Organized per term:
>
> Identity Store - 5
> Authentication Store - 2
> Realm - 2
> Store - 1
> Security Provider - 1
> User Repository - 1
>
> Kind regards,
> Arjan Tijms
>
>
>
> >
> >
> > On 4/9/15 5:56 PM, Pedro Igor Silva wrote:
> >>
> >> In PicketLink, IdentityStore is mainly related to how you manage
> >> identities and relationships. Identities would be users, roles, groups,
> >> applications, etc. And relationships would be grants (RBAC), group
> >> membership (GBAC) and so forth. It is basically a CRUD interface, base for
> >> all other specific stores we have.
> >>
> >> Regarding authentication, there is also a specific store for credentials,
> >> the CredentialStore. There is a reference to it in the scope document as
> >> follows:
> >>
> >> "4.3.c Credentials also in Identity Store? Perhap separate secured store?"
> >>
> >> These two stores are involved during the authentication process, where you
> >> need to load an account (e.g. a user) and authenticate based on a specific
> >> credential type (password, TOTP, X.509, token, etc.).
> >>
> >> PermissionStore, on the other hand, is specific to permissions and is not
> >> related at all to authentication. Like you said, it is related to ACL
> >> authorization.
> >>
> >> I would say that in this case Identity Store makes more sense, especially
> >> if you consider what Darran said about the potential to be widely referenced
> >> after authentication.
> >>
> >> One of the reasons for different and specific stores is that you may mix
> >> different repositories (e.g. LDAP and JPA), where each one can be used to
> >> store only a specific type of information. For instance, use LDAP for users
> >> and credentials, but JPA for more fine-grained authorization with
> >> permissions/ACL. And also because each repository has its limitations. For
> >> instance, it is really hard to support ACL or even custom attributes in
> >> LDAP.
> >>
> >> Regards.
> >> Pedro Igor
> >>
> >> ----- Original Message -----
> >> From: "Werner Keil" <werner.keil_at_gmail.com>
> >> To: jsr375-experts_at_javaee-security-spec.java.net
> >> Sent: Thursday, April 9, 2015 12:18:32 PM
> >> Subject: [jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION:
> >> cast vote
> >>
> >> Actually "IdentityStore" is also used in different PicketLink modules.
> >> So it uses "PermissionStore" in the context of "Authorization"/ACL and
> >> "IdentityStore" on the Authentication side.
> >> If we purely deal with Authentication, either "IdentityStore" or
> >> "AuthenticationStore" sounds best.
> >> Otherwise I'd say "PermissionStore" (or "SecurityStore" to have another
> >> prefix to the simple "Store") sounds more versatile.
> >>
> >> Werner
> >>
> >> On Thu, Apr 9, 2015 at 5:08 PM, Werner Keil <werner.keil_at_gmail.com> wrote:
> >>
> >>> PicketLink calls it PermissionStore. I could think of variations including
> >>> SecurityStore (just Store seems a bit too wide)
> >>> but PermissionStore sounds fine to me.
> >>>
> >>> Regards,
> >>> Werner
> >>>
> >>> On Thu, Apr 9, 2015 at 4:32 PM, Darran Lofthouse
> >>> <darran.lofthouse_at_redhat.com> wrote:
> >>>
> >>>> Looks like I replied but did not vote ;-)
> >>>>
> >>>> My vote would be Realm or Identity Store.
> >>>>
> >>>> Whilst I agree its first use will be authentication I think it has the
> >>>> potential to be widely referenced after authentication.
> >>>>
> >>>> Regards,
> >>>> Darran Lofthouse.
> >>>>
> >>>>
> >>>>
> >>>> On 09/04/15 15:24, arjan tijms wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We now have 4 votes:
> >>>>>
> >>>>> David Blevins: Store
> >>>>> Arjan Tijms: Authentication Store
> >>>>> Alex Kosowski: Authentication Store / Identity Store
> >>>>> Rudy De Busscher: Security Provider
> >>>>>
> >>>>> No other people have voted yet, although there have been some
> >>>>> additional comments.
> >>>>>
> >>>>> Based on this, shall we establish "authentication store" as the
> >>>>> working term? Just so we all know what we're talking about. The final
> >>>>> term can be something else still.
> >>>>>
> >>>>> Kind regards,
> >>>>> Arjan
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> On Mon, Mar 23, 2015 at 11:13 PM, arjan tijms <arjan.tijms_at_gmail.com>
> >>>>> wrote:
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> On Mon, Mar 23, 2015 at 10:32 PM, Alex Kosowski
> >>>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>>
> >>>>>>> To add a 13th option,
> >>>>>>>
> >>>>>>> How about IdentityStore? That would reflect that we are storing
> >>>>>>> identity attributes.
> >>>>>>>
> >>>>>>
> >>>>>> I could absolutely see that working as well, sure. In terminology it
> >>>>>> has some connection with a JSR that was started some time ago, the Java
> >>>>>> Identity API (JSR 351), and with the term "authenticated identity" (the
> >>>>>> more formal alternative for "logged-in user").
> >>>>>>
> >>>>>> But is Identity Store also a preference you have for the term, or just
> >>>>>> an alternative idea?
> >>>>>>
> >>>>>> Giving the overview again, it would now be:
> >>>>>>
> >>>>>> David Blevins: Store
> >>>>>> Arjan Tijms: Authentication Store
> >>>>>> Alex Kosowski: Authentication Store / Identity Store
> >>>>>> Rudy De Busscher: Security Provider
> >>>>>>
> >>>>>> Kind regards,
> >>>>>> Arjan Tijms
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>
> >>>>>>> On 3/23/15 5:15 PM, Rudy De Busscher wrote:
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>>> the concept of "the store where users/callers and optionally the
> >>>>>>>> group/role data resides".
> >>>>>>>
> >>>>>>> Since you also have the group/role information, it is not only
> >>>>>>> Authentication info anymore.  So Authentication Store is then
> >>>>>>> confusing.
> >>>>>>>
> >>>>>>> Store is indeed too general, so what about security provider (if I
> >>>>>>> have to take a term from the list proposed here)?
> >>>>>>>
> >>>>>>> regards
> >>>>>>> Rudy
> >>>>>>>
> >>>>>>> On 23 March 2015 at 22:03, arjan tijms <arjan.tijms_at_gmail.com> wrote:
> >>>>>>>
> >>>>>>>> Hi,
> >>>>>>>>
> >>>>>>>> On Monday, March 23, 2015, Alex Kosowski <alex.kosowski_at_oracle.com>
> >>>>>>>> wrote:
> >>>>>>>>
> >>>>>>>>> Hi Arjan,
> >>>>>>>>>
> >>>>>>>>> Does this indicate your preference, or is it just the term Shiro
> >>>>>>>>> happened to use?
> >>>>>>>>>
> >>>>>>>>> It was just a starting point.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> Okay ;)
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> David Blevins: Store
> >>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>
> >>>>>>>>> Authentication Store is fine with me. Store seems a little broad,
> >>>>>>>>> but less typing.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> Yes, for me too just store would feel too broad. AuthStore would
> >>>>>>>> seem to work at first, but I agree with Les who stated in another
> >>>>>>>> thread that we shouldn't use just "auth" anywhere.
> >>>>>>>>
> >>>>>>>> While very common, it unfortunately makes it hard to distinguish
> >>>>>>>> between authentication and authorization.
> >>>>>>>>
> >>>>>>>> So we now have;
> >>>>>>>>
> >>>>>>>> David Blevins: Store
> >>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>> Alex Kosowski: Authentication Store
> >>>>>>>>
> >>>>>>>> Anyone else?
> >>>>>>>>
> >>>>>>>> Kind regards,
> >>>>>>>> Arjan Tijms
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>> Alex
> >>>>>>>>>
> >>>>>>>>> On 3/20/15 8:56 AM, arjan tijms wrote:
> >>>>>>>>>
> >>>>>>>>> Hi,
> >>>>>>>>>
> >>>>>>>>> The doc is a great start, thanks Alex :)
> >>>>>>>>>
> >>>>>>>>> I noticed that relevant to the issue described in this thread, the
> >>>>>>>>> document has chosen the term "Realm" for the concept of "the store
> >>>>>>>>> where users/callers and optionally the group/role data resides".
> >>>>>>>>>
> >>>>>>>>> Does this indicate your preference, or is it just the term Shiro
> >>>>>>>>> happened to use?
> >>>>>>>>>
> >>>>>>>>> What about a round of voting (non-binding at this stage, just to
> >>>>>>>>> test the waters)? That way we at least can establish a working term
> >>>>>>>>> that we can use in the different discussions and issues that have
> >>>>>>>>> already all started to use different terms.
> >>>>>>>>>
> >>>>>>>>> The list of proposed terms is now the following:
> >>>>>>>>>
> >>>>>>>>> security provider (WebLogic)
> >>>>>>>>> realm (Tomcat, Shiro, some hints in Servlet spec)
> >>>>>>>>> (authentication) repository
> >>>>>>>>> (authentication) store
> >>>>>>>>> login module (JAAS)
> >>>>>>>>> identity manager (Undertow)
> >>>>>>>>> service provider
> >>>>>>>>> relying party
> >>>>>>>>> authenticator (Resin, OmniSecurity, Seam Security)
> >>>>>>>>> user service (?, used by 375 JSR)
> >>>>>>>>> authentication provider (Spring Security)
> >>>>>>>>> identity provider
> >>>>>>>>>
> >>>>>>>>> I'd like to ask everyone on this list to vote for your preferred
> >>>>>>>>> term. David had already expressed favoring "store" in the JIRA
> >>>>>>>>> issue, which is together with "repository" also my favorite,
> >>>>>>>>> although I like to prefix it with "authentication".
> >>>>>>>>>
> >>>>>>>>> So the current outcome is:
> >>>>>>>>>
> >>>>>>>>> David Blevins: Store
> >>>>>>>>> Arjan Tijms: Authentication Store
> >>>>>>>>>
> >>>>>>>>> Kind regards,
> >>>>>>>>> Arjan Tijms
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On Thu, Mar 19, 2015 at 3:25 AM, Alex Kosowski
> >>>>>>>>> <alex.kosowski_at_oracle.com> wrote:
> >>>>>>>>>
> >>>>>>>>>> Hi,
> >>>>>>>>>>
> >>>>>>>>>> I created a draft document for adding/editing EE Security API
> >>>>>>>>>> Terminology on an on-going basis.
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> https://docs.google.com/document/d/1eaNCUa78Eytt73WYvDHrsS3klTzHL0xD5vswHhT-KVY/edit?usp=sharing
> >>>>>>>>>>
> >>>>>>>>>> This is a Google doc viewable by the public and editable by those
> >>>>>>>>>> in the Google Group jsr375-experts_at_googlegroups.com, of which all
> >>>>>>>>>> of you should be a member.
> >>>>>>>>>>
> >>>>>>>>>> Alex
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 3/8/15 5:01 PM, arjan tijms wrote:
> >>>>>>>>>>
> >>>>>>>>>> Hi there,
> >>>>>>>>>>
> >>>>>>>>>> A while ago I created
> >>>>>>>>>> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1, which seeks to
> >>>>>>>>>> establish clear terminology for two concepts that often come up in
> >>>>>>>>>> authentication:
> >>>>>>>>>>
> >>>>>>>>>>      1. The (user) interaction method via which credentials are
> >>>>>>>>>>         obtained (FORM, BASIC, etc)
> >>>>>>>>>>      2. The store where users/callers and optionally the group/role
> >>>>>>>>>>         data resides
> >>>>>>>>>>
> >>>>>>>>>> Not only do I see very different terms being used for both of
> >>>>>>>>>> these concepts, which is a problem by itself, but the lack of
> >>>>>>>>>> consistent terminology makes it unclear what people are really
> >>>>>>>>>> asking at times.
> >>>>>>>>>>
> >>>>>>>>>> Your thoughts?
> >>>>>>>>>>
> >>>>>>>>>> Kind regards,
> >>>>>>>>>> Arjan Tijms
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >
>
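The thread contrasts three concerns that Pedro Igor describes PicketLink keeping in separate stores: identities with their group/role relationships, credentials, and permissions/ACLs. The Java sketch below is an added example written for this page; it is not PicketLink's or JSR 375's code. The interface names IdentityStore, CredentialStore and PermissionStore, the Account record, the in-memory implementations, the choice of PBKDF2 for the credential store and the sample account are all constructed here for illustration. It shows why the split matters for the "interaction versus store" distinction Arjan raises: authentication needs only the first two stores, authorization consults the third afterwards, and each backing repository (LDAP for identities, JPA for permissions) can be swapped without the others changing.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Illustrative split into identity, credential and permission stores (hypothetical interfaces). */
public class StoreSeparationDemo {

    /** Constructed account type: identity attributes plus group/role membership. */
    record Account(String id, String username, Set<String> groups) {}

    /** Identity store: which callers exist and which groups/roles they belong to. */
    interface IdentityStore { Optional<Account> findByUsername(String username); }

    /** Credential store: verifies a credential for an account without handing the secret out. */
    interface CredentialStore { boolean validatePassword(Account account, char[] password); }

    /** Permission store: fine-grained (ACL-style) authorization, consulted only after authentication. */
    interface PermissionStore { boolean isGranted(Account account, String resource, String action); }

    static class InMemoryIdentityStore implements IdentityStore {
        private final Map<String, Account> byUsername = new HashMap<>();
        void add(Account account) { byUsername.put(account.username(), account); }
        public Optional<Account> findByUsername(String u) { return Optional.ofNullable(byUsername.get(u)); }
    }

    static class InMemoryCredentialStore implements CredentialStore {
        private record Stored(byte[] salt, byte[] hash) {}
        private final Map<String, Stored> byAccountId = new HashMap<>();
        private final SecureRandom random = new SecureRandom();

        void setPassword(Account account, char[] password) {
            byte[] salt = new byte[16];
            random.nextBytes(salt);
            byAccountId.put(account.id(), new Stored(salt, hash(salt, password)));
        }

        public boolean validatePassword(Account account, char[] password) {
            Stored stored = byAccountId.get(account.id());
            if (stored == null) return false;
            // Constant-time comparison: a mismatch must not reveal how many bytes matched.
            return MessageDigest.isEqual(stored.hash(), hash(stored.salt(), password));
        }

        /** Salted, iterated password hash (JDK PBKDF2); a production store would tune the iteration count. */
        static byte[] hash(byte[] salt, char[] password) {
            try {
                PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    static class InMemoryPermissionStore implements PermissionStore {
        private final Map<String, Set<String>> grantsByGroup = new HashMap<>();
        void grant(String group, String resource, String action) {
            grantsByGroup.computeIfAbsent(group, g -> new HashSet<>()).add(resource + ":" + action);
        }
        public boolean isGranted(Account account, String resource, String action) {
            String wanted = resource + ":" + action;
            return account.groups().stream()
                .anyMatch(g -> grantsByGroup.getOrDefault(g, Set.of()).contains(wanted));
        }
    }

    /** Authentication touches only the identity and credential stores; the permission store plays no part. */
    static Optional<Account> authenticate(IdentityStore identities, CredentialStore credentials,
                                          String username, char[] password) {
        Optional<Account> account = identities.findByUsername(username);
        if (account.isEmpty()) {
            // Hash anyway so "unknown user" and "wrong password" cost similar time (limits user enumeration).
            InMemoryCredentialStore.hash(new byte[16], password);
            return Optional.empty();
        }
        return credentials.validatePassword(account.get(), password) ? account : Optional.empty();
    }

    public static void main(String[] args) {
        InMemoryIdentityStore identities = new InMemoryIdentityStore();
        InMemoryCredentialStore credentials = new InMemoryCredentialStore();
        InMemoryPermissionStore permissions = new InMemoryPermissionStore();

        // Constructed sample data for the demo.
        Account alice = new Account("u-1", "alice", Set.of("admins"));
        identities.add(alice);
        credentials.setPassword(alice, "correct horse".toCharArray());
        permissions.grant("admins", "/admin/users", "write");

        Optional<Account> ok = authenticate(identities, credentials, "alice", "correct horse".toCharArray());
        Optional<Account> wrongPassword = authenticate(identities, credentials, "alice", "wrong".toCharArray());
        Optional<Account> unknownUser = authenticate(identities, credentials, "mallory", "anything".toCharArray());

        System.out.println("alice / correct password authenticated: " + ok.isPresent());
        System.out.println("alice / wrong password authenticated:   " + wrongPassword.isPresent());
        System.out.println("unknown user authenticated:             " + unknownUser.isPresent());
        System.out.println("alice may write /admin/users:           "
            + ok.map(a -> permissions.isGranted(a, "/admin/users", "write")).orElse(false));
    }
}
```

Compile and run with a Java 16 or newer JDK (`javac StoreSeparationDemo.java && java StoreSeparationDemo`). The point of the layout is the one Rudy and Darran raise in the thread: the identity store carries group/role data that is referenced long after login, so it is not purely "authentication" data, while the credential store can stay a narrow, separately secured component and the permission store can live in a different repository altogether.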