Hi Darran. If you have any scenario or method of authentication that is not covered in the link Jason mentioned, then share it here and we will talk about it.
On Thu, Apr 12, 2012 at 9:50 PM, Jason Porter <[email protected]>wrote: > Thanks for bringing things up Darran. Take a look at > > https://cwiki.apache.org/confluence/display/DeltaSpike/Security+Module+Drafts > . > If there's something missing in the use cases, please add some. Also note > we've only gone as far as Part 1 right now. We're going to be continuing > discussions and implementing the other stages as we continue. > > On Thu, Apr 12, 2012 at 10:51, Darran Lofthouse < > [email protected] > > wrote: > > > Just been having a look at the Security Module page and had a couple of > > comments related to experiences in JBoss AS - Pete suggested I post my > > comments over here. > > > > A few of problems we have had historically in JBoss AS releases regarding > > the authentication at the transport level are: - > > - The assumption that everything has a username and a credential. > > - That authentication takes a single step. > > - That the duration an authentication is valid for can be pre-defined. > > > > Looking at the initial API I just wonder is it also starting to follow > the > > same assumptions. Picking username / password authentication as a first > > step whilst it may be simple historically has led us into situations > where > > adding more complex scenarios end up being added as a workaround. > > > > I suppose the real question is where would this be used, is this > something > > that would only be used within apps that want to establish some form of > > 'security context' with an identity or could this also be used in other > > locations such as valves implementing http authentication. If the former > > than maybe not a huge issue but if the latter this API could be repeating > > the problems of the past. > > > > Regards, > > Darran Lofthouse. > > > > > > > -- > Jason Porter > http://lightguard-jp.blogspot.com > http://twitter.com/lightguardjp > > Software Engineer > Open Source Advocate > Author of Seam Catch - Next Generation Java Exception Handling > > PGP key id: 926CCFF5 > PGP key available at: keyserver.net, pgp.mit.edu > -- Mehdi Heidarzadeh Ardalani Independent JEE Consultant, Architect and Developer.<http://www.TheBigJavaBlog.com>
