users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: JSR 375 Next Steps

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Fri, 18 Dec 2015 21:53:31 +0100

Hi,

On Friday, December 18, 2015, Werner Keil <werner.keil_at_gmail.com> wrote:

> EDR 1 does not have to contain every use case and feature we end up
> including; what I showed in Tel Aviv could probably be just fine plus
> trying to get the Spec Asciidoc in
>

That's in a way the basic authentication story (epic):

* (Simplified) read-only identity store
* (Simplified) SAM-based authentication mechanism
* Number of std identity stores
* Number of std authentication mechanisms (?)

The last item hasn't really been discussed yet.
Traditionally authentication mechanisms have been in the Servlet spec, but
these do not (yet) work with our identity store, nor are they JASPIC based
(but that was on the table for Servlet 4).

Should we standardise a number of authentication mechanisms, and if so,
should they or should they not overlap with the same ones Servlet already has?
And, should the Servlet EG decide to rebase their 4 existing authentication
mechanisms (FORM, BASIC, DIGEST, CLIENT-CERT) on JASPIC, how exactly do we
align with that?

Kind regards,
Arjan Tijms