I have a few questions. Will the user be infinitely authenticated once the initial authentication is successful as far as the connection is intact? Or is there a timeout for authenticated session even within a connection? And what are the implications of reestablishing a connection?
On Mon, Dec 25, 2017 at 8:52 AM, Hasitha Hiranya <[email protected]> wrote: > Hi Asanka, > > Perfect. That is what I wanted to clarify. > > Thanks > > On Mon, Dec 25, 2017 at 5:31 PM, Asanka Abeyweera <[email protected]> > wrote: > >> Hi Hasitha, >> >> Here connection corresponds to the "AMQP connection". That is we do the >> authentication when we receive the connection.start-ok frame and use the >> authenticated connection in sessions created using the connection. We are >> not planning to authenticate each session creation. >> >> On Mon, Dec 25, 2017 at 4:14 PM, Hasitha Hiranya <[email protected]> >> wrote: >> >>> Hi Waruna, >>> >>> According to the diagram, authentication happens on a new "connection". >>> Is my observation correct? >>> There will be no need to do that for sessions created by that connection >>> as same user will be creating them. >>> >>> Thanks >>> >>> On Wed, Dec 13, 2017 at 11:03 PM, Waruna Jayaweera <[email protected]> >>> wrote: >>> >>>> Hi, >>>> AMQP specification defined the authentication mechanism and security >>>> content data is based on Simple Authentication and Security Layer(SASL) >>>> framework. Following figure shows the proposed implementation for $subject. >>>> >>>> [image: Inline image 1] >>>> >>>> Once client request a connection, server will send the supported SASL >>>> mechanisms ( ex. Plain Text) to client. After that client will send the >>>> selected mechanism + auth response data. Server will create SASL server >>>> based on the client mechanism and then server will evaluate the client >>>> authentication data and callback handler will be executed for >>>> authentication. It will be done using following two extension points. >>>> >>>> 1. Authenticator - Interface to authenticate mechanism based on >>>> security framework .We will use Java Authentication and Authorization >>>> Service (JAAS) as default authentication implementation. >>>> 2. JAAS Modules - Uses can defined own JAAS Login module as well. >>>> >>>> If authentication is success, connection will be established or else >>>> will send authentication error. >>>> >>>> Thanks, >>>> Waruna >>>> >>>> -- >>>> Regards, >>>> >>>> Waruna Lakshitha Jayaweera >>>> Senior Software Engineer >>>> WSO2 Inc; http://wso2.com >>>> phone: +94713255198 <+94%2071%20325%205198> >>>> http://waruapz.blogspot.com/ >>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> *Hasitha Abeykoon* >>> Associate Technical Lead; WSO2, Inc.; http://wso2.com >>> *cell:* *+94 719363063* >>> *blog: **abeykoon.blogspot.com* <http://abeykoon.blogspot.com> >>> >>> >> >> >> -- >> Asanka Abeyweera >> Associate Technical Lead >> WSO2 Inc. >> >> Phone: +94 712228648 <+94%2071%20222%208648> >> Blog: a5anka.github.io >> >> <https://wso2.com/signature> >> > > > > -- > *Hasitha Abeykoon* > Associate Technical Lead; WSO2, Inc.; http://wso2.com > *cell:* *+94 719363063* > *blog: **abeykoon.blogspot.com* <http://abeykoon.blogspot.com> > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Shazni Nazeer Mob : +94 777737331 LinkedIn : http://lk.linkedin.com/in/shazninazeer Blogs : https://medium.com/@mshazninazeer http://shazninazeer.blogspot.com <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
