[
https://issues.apache.org/jira/browse/CLEREZZA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tommaso Teofili updated CLEREZZA-494:
-------------------------------------
Fix Version/s: 0.2-incubating
> Subjects should be re-used
> --------------------------
>
> Key: CLEREZZA-494
> URL: https://issues.apache.org/jira/browse/CLEREZZA-494
> Project: Clerezza
> Issue Type: Improvement
> Reporter: Henry Story
> Assignee: Henry Story
> Fix For: 0.2-incubating
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> With WebID a number of things need to be looked at that don't appear obvious
> when one is dealing with simple and cookie auth. This in fact also applies to
> OpenId authentication. One of these is that one can have a number of
> Principals in one WebID authentication, since an X509 cert could contain two
> webids or even an email address.
> But it is also the case that someone who authenticated themselves with WebID may
> later also use a password, as an additional method of authentication.
> So it seems to me that the Subject should be passed along at all stages of
> authentication. The following article on JBoss Subject usage shows quite
> clearly that this is the purpose of the Subject.
> http://oatv.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html?page=5
> It will also be very useful as the Subject can gather credentials, both those
> that succeeded and those that failed in order to help explain why there were
> failures in a web interface. So in the case of WebID test suite we would like
> to pass the X509Claims as credentials to an explanatory page, so that one can
> explain to the user why the claims failed. The same will be true in an OpenID
> claim: it will help to let the user know that his OpenId provider is down
> at the moment, so that he can be properly redirected.
> The changes to get this to work are quite small, but it will require some
> thinking things through. But both OpenId support and WebId support will
> require some of this thinking to occur.
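
An added example, not Clerezza code and not part of the original issue: one `javax.security.auth.Subject` carried through a WebID stage and a later password stage, collecting verified principals plus the outcome of every claim. The types `WebIdPrincipal`, `UserNamePrincipal` and `ClaimResult`, the stage methods and the sample URIs are hypothetical.

```java
import java.security.Principal;
import java.util.List;
import javax.security.auth.Subject;

public class SubjectReuseExample {
    // Hypothetical types for this example; they are not Clerezza classes.
    record WebIdPrincipal(String uri) implements Principal {
        public String getName() { return uri; }
    }
    record UserNamePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    // One identity claim and the outcome of verifying it.
    record ClaimResult(String method, String claimed, boolean verified, String reason) {}

    // WebID stage: each URI in the certificate is a separate claim. Only verified
    // claims become principals; every outcome is recorded as a credential.
    static void webIdStage(Subject subject, List<ClaimResult> results) {
        for (ClaimResult r : results) {
            if (r.verified()) subject.getPrincipals().add(new WebIdPrincipal(r.claimed()));
            subject.getPublicCredentials().add(r);
        }
    }

    // Later password stage: adds to the same Subject instead of replacing it.
    static void passwordStage(Subject subject, String userName, boolean passwordOk) {
        if (passwordOk) subject.getPrincipals().add(new UserNamePrincipal(userName));
        subject.getPublicCredentials().add(new ClaimResult("password", userName,
                passwordOk, passwordOk ? "ok" : "wrong password"));
    }

    // What an explanatory page would read: the claims that failed, and why.
    static List<ClaimResult> failures(Subject subject) {
        return subject.getPublicCredentials(ClaimResult.class).stream()
                .filter(r -> !r.verified()).toList();
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        // Constructed sample data: a certificate carrying two WebIDs, one unreachable.
        webIdStage(subject, List.of(
                new ClaimResult("webid", "https://alice.example/card#me", true, "key matches profile"),
                new ClaimResult("webid", "https://alice.example.org/id#me", false, "profile unreachable")));
        passwordStage(subject, "alice", true);
        System.out.println("principals: " + subject.getPrincipals());
        System.out.println("failed claims: " + failures(subject));
    }
}
```

Authorization decisions should read only `getPrincipals()`; the failed claims stay in the credential set purely for diagnostics.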