Richard Wallace wrote:
>Hey guys,
>
>I've been working with Larry on a AAA
>(Authentication/Authorization/Auditing) framework for cornerstone. One
>of the things that we're discussing is if we should have support for
>multiple Realms similar to the way PAM and JAAS have multiple
>LoginModules. I'm thinking that it would be similar in function to the
>way JAAS does it, but alleviates the need for relying on the JAAS API
>and creating a JAASRealm that would have to be used to get this feature.
>
>I have two questions about this, I guess:
>1) Does this sound like a feature people would be interested in? If
>there isn't a lot of need for it we'll put it on the back burner and
>maybe write an implementation later that will support it.
>
Yes, I'm iunterested in seeing multiple realms.
>2) We're deciding that (at least within phoenix) Realms will be
>configured and provided to the Authenticator as blocks.
>
+1
(and I'm assuming when you say block, you actually mean a
component + meta-info .. which is equivalent to the notion of a block)
>So, if we
>decide to support multiple realms how do we provide multiple components
>that implement the same role (in this case Realm) to a Serviceable
>component? Or would that not be the right interface to implement?
>
Yes and no.
Some possible approaches:
1. Create an Authenticator component that has a dependecy of a RealmSet
component. The RealSet establishes the realms using whatever
implementation magic it likes (via configuration info, via dynamic
lookup of available realms in a directory or file-system, etc).
The kernel will supply the RealmSet to the Authenticator based on the
dependecies you declare.
2. If is a pure Phoenix environment, then you could use a block listener
aggregate the set of realms and wire these to the Authenticator.
My preference would be for option 1.
>
>What, other than Serviceable, should it become to accomplish this?
>
Serviceable is what you should be using if you declare dependecies - the
quetion is - are yuou declaring a dependecy on a single realm, or a
component that enables you to select one or more realms.
Cheers, Steve.
--
Stephen J. McConnell
OSM SARL
digital products for a global economy
mailto:[EMAIL PROTECTED]
http://www.osm.net
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
