You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-c-dev@ws.apache.org by Kasun Indrasiri <ka...@gmail.com> on 2008/02/15 07:29:04 UTC
Trust - STS Client - unwanted delegations
Hi,
In the Trust implementation, we have used sts_client to interfacing client
programmer and trust module. Our main objective is to ease the work of a
user has to do when he is using the trust module by doing most of the work
inside the
sts_client. But this approch not restricts the user from following
the common approach when we are using a svc_client. Any user can use
the normal approach other than
using sts_client.
But if are going to restrict only ro sts_client, we have have to do sevaral
unwanted delegations. So, I think we can add another sample case which not
strictly depending on sts_client. (I thinks we currently have one similar to
this in secpolicy scenario 20 which deals with RST Template and Trust)
Thanks,
Kasun
Re: Trust - STS Client - unwanted delegations
Posted by Uthaiyashankar <sh...@wso2.com>.
Hi,
In my opinion, client side has to be very easy to implement. I am happy
with the current implementation. IMHO Having sts_client to handle most
of the work to help client writers is the best approach.
Having said that, I didn't mean to restrict the functionality to
sts_client. We should be able to implement the functionality without
sts_client. If any users have complex requirements, they can use
trust_context to program. +1 for giving a sample which demonstrate it.
Regards,
Shankar.
Supun Kamburugamuva wrote:
> Hi,
>
> I agree with you Kasun. I think the approach we should promote is
> using the trust_context structure. This will enable a consistent
> implementations in client side as well as server side.
>
> Regards,
> Supun..
>
> On 2/14/08, Kasun Indrasiri <ka...@gmail.com> wrote:
>
>> Hi,
>>
>> In the Trust implementation, we have used sts_client to interfacing client
>> programmer and trust module. Our main objective is to ease the work of a
>> user has to do when he is using the trust module by doing most of the work
>> inside the
>> sts_client. But this approch not restricts the user from following
>> the common approach when we are using a svc_client. Any user can use
>> the normal approach other than
>> using sts_client.
>>
>> But if are going to restrict only ro sts_client, we have have to do sevaral
>> unwanted delegations. So, I think we can add another sample case which not
>> strictly depending on sts_client. (I thinks we currently have one similar to
>> this in secpolicy scenario 20 which deals with RST Template and Trust)
>>
>> Thanks,
>> Kasun
>>
>>
>
>
Re: Trust - STS Client - unwanted delegations
Posted by Supun Kamburugamuva <su...@gmail.com>.
Hi,
I agree with you Kasun. I think the approach we should promote is
using the trust_context structure. This will enable a consistent
implementations in client side as well as server side.
Regards,
Supun..
On 2/14/08, Kasun Indrasiri <ka...@gmail.com> wrote:
> Hi,
>
> In the Trust implementation, we have used sts_client to interfacing client
> programmer and trust module. Our main objective is to ease the work of a
> user has to do when he is using the trust module by doing most of the work
> inside the
> sts_client. But this approch not restricts the user from following
> the common approach when we are using a svc_client. Any user can use
> the normal approach other than
> using sts_client.
>
> But if are going to restrict only ro sts_client, we have have to do sevaral
> unwanted delegations. So, I think we can add another sample case which not
> strictly depending on sts_client. (I thinks we currently have one similar to
> this in secpolicy scenario 20 which deals with RST Template and Trust)
>
> Thanks,
> Kasun
>