On Mon, Jan 30, 2012 at 9:26 AM, Kalle Korhonen <[email protected]> wrote: > On Mon, Jan 30, 2012 at 8:35 AM, Les Hazlewood <[email protected]> wrote: >> On Mon, Jan 30, 2012 at 8:18 AM, Kalle Korhonen >> <[email protected]> wrote: >>> I was looking into the unfinished openid4java support module. The >>> RelyingPartyRealm implementation seems a bit funny to me, it extends >>> AuthorizingRealm but then states in the javadoc of it >>> doGetAuthorizationInfo "Returns {@code null} always because OpenId >>> does not support authorization operations". >> Is this true? I mean, if Attribute Exchange is enabled, is it > > You wrote the javadoc, right?
Sort of :) Some of it was seeded from the (Apache 2 licensed) Grails 'Nimble' plugin. > Attribute extensions for openid typically allow to fetch more user > data (name, email, etc.) which you could see partly as an > authorization technique, but even then, that applies to the remote > authentication/authorization provider, not (directly) to your > application. The model I usually follow with openId/oauth and similar > is "remote authentication, local authorization", i.e. I have another > realm just for authorization to keep the concerns separate. Gotcha - this would be my preferred approach as well. Les
