Posted to dev@clerezza.apache.org by "Henry Story (JIRA)" <ji...@apache.org> on 2011/05/11 19:13:47 UTC

[jira] [Resolved] (CLEREZZA-494) Subjects should be re-used

     [ https://issues.apache.org/jira/browse/CLEREZZA-494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henry Story resolved CLEREZZA-494.
----------------------------------

    Resolution: Fixed

This was done by enabling CLEREZZA-479 - building the WebID test suite. The commits should have been assigned to this issue here.

> Subjects should be re-used
> --------------------------
>
>                 Key: CLEREZZA-494
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-494
>             Project: Clerezza
>          Issue Type: Improvement
>            Reporter: Henry Story
>            Assignee: Henry Story
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> With WebID a number of things need to be looked at that don't appear obvious when one is dealing with simple and cookie auth. This in fact also applies to OpenId authentication. One of these is that one can have a number of Principals in one WebID authentication, since an X509 cert could contain two webids or even an email address. 
> But it is also the case that someone who authenticated themselves with WebID may later also use a password, as an additional method of authentication.
> So it seems to me that the Subject should be passed along at all stages of authentication. The following article on JBoss Subject usage shows quite clearly that this is the purpose of the Subject.
> http://oatv.com/pub/a/onjava/excerpt/weblogic_chap17/index1.html?page=5
> It will also be very useful as the Subject can gather credentials, both those that succeeded and those that failed, in order to help explain why there were failures in a web interface. So in the case of the WebID test suite we would like to pass the X509Claims as credentials to an explanatory page, so that one can explain to the user why the claims failed. The same will be true in an OpenID claim: it will help to let the user know that his OpenId provider is down at the moment, so that he can be properly redirected.
> The changes to get this to work are quite small, but it will require some thinking things through. But both OpenId support and WebId support will require some of this thinking to occur.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
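
The idea in the issue description above, as an added example that is not part of the original message or Clerezza's code: one `javax.security.auth.Subject` is created once and passed through each authentication stage, collecting principals and credentials along the way. The principal and claim types, the stage methods and the sample values are hypothetical, and the code assumes Java 16 or later for records.

```java
import java.security.Principal;
import java.util.List;
import javax.security.auth.Subject;

public class SubjectReuseExample {
    // Hypothetical principal types; Clerezza's own classes are not shown on the page.
    record WebIdPrincipal(String uri) implements Principal {
        public String getName() { return uri; }
    }
    record UserNamePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    // Hypothetical record of one claim found in the client certificate and how its check ended.
    record X509Claim(String webId, boolean verified, String reason) {}

    // Stage 1: WebID. Every claim is kept as a credential; only verified ones become principals.
    static void webIdStage(Subject subject, List<X509Claim> claims) {
        for (X509Claim claim : claims) {
            subject.getPublicCredentials().add(claim);
            if (claim.verified()) {
                subject.getPrincipals().add(new WebIdPrincipal(claim.webId()));
            }
        }
    }

    // Stage 2: a later password login adds to the same Subject instead of replacing it.
    static void passwordStage(Subject subject, String userName, boolean passwordOk) {
        if (passwordOk) {
            subject.getPrincipals().add(new UserNamePrincipal(userName));
        }
    }

    public static void main(String[] args) {
        Subject subject = new Subject(); // created once, passed through every stage
        // Constructed sample claims: one certificate carrying two WebIDs.
        webIdStage(subject, List.of(
            new X509Claim("https://alice.example/card#me", true, "key matches profile"),
            new X509Claim("https://old.example/alice#me", false, "profile unreachable")));
        passwordStage(subject, "alice", true);

        System.out.println("Principals: " + subject.getPrincipals());
        // An explanatory page can list the claims that failed and why.
        for (X509Claim c : subject.getPublicCredentials(X509Claim.class)) {
            if (!c.verified()) {
                System.out.println("Failed claim " + c.webId() + ": " + c.reason());
            }
        }
    }
}
```

Authorization decisions should read only `getPrincipals()`; the failed claims stay in the credential set for diagnostics and never grant identity.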