I'd prefer to have separate methods and not to pass over the String-returning one; for example, exposing AuthenticationMethod.authenticateWithSubject(Request request), which returns a Subject, sounds good to me.

Cheers,
Tommaso

2011/3/29 Henry Story <[email protected]>

> currently AuthenticationMethod.authenticate(Request request) returns String
>
> It would make more sense if it could return a Subject [1]. This would allow the object returned to be a lot richer. For example
>
> (a) A Subject can contain a number of credentials and a number of Principals. Each principal would be a WebID. Some WebIDs might take time to be verified, so they could appear in the Subject at a later time.
>
> (b) A Subject can also contain credentials. In fact X509 certificates should be the prototypical public credential.
>
> (c) Credentials can be any object, but clearly one could wrap an X509certificate with an isCurrent() method to test if the certificate is still valid. It would also allow X509certs to be destroyed, which could then perhaps throw TLS exceptions... to be looked into.
>
> Question: How does TLS authentication relate to the LoginContext? It seems that it works for Kerberos
>
> http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
>
> Henry
>
> [1] http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject
>
> Social Web Architect
> http://bblfish.net/
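
Points (a) to (c) of the quoted proposal, sketched with the standard JAAS types as an added example; it is not code from this thread or from the project. `WebIdPrincipal`, `X509Credential` and `SubjectDemo` are hypothetical names, WebID verification is assumed to have happened elsewhere, and the certificate file and WebID URI are supplied on the command line (save as `SubjectDemo.java`).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.Principal;
import java.security.cert.*;
import javax.security.auth.*;

// Hypothetical principal: one WebID URI that has already been verified (Java 16+ record).
record WebIdPrincipal(URI webId) implements Principal {
    public String getName() { return webId.toString(); }
}

// Hypothetical credential wrapper for point (c): reports validity, can be destroyed.
final class X509Credential implements Refreshable, Destroyable {
    private volatile X509Certificate cert;
    X509Credential(X509Certificate cert) { this.cert = cert; }
    @Override public boolean isCurrent() {
        X509Certificate c = cert;
        if (c == null) return false;                      // destroyed credentials are never current
        try { c.checkValidity(); return true; }           // checks notBefore/notAfter only, not revocation
        catch (CertificateException e) { return false; }  // expired or not yet valid
    }
    @Override public void refresh() throws RefreshFailedException {
        throw new RefreshFailedException("a certificate cannot be renewed in place");
    }
    @Override public void destroy() { cert = null; }
    @Override public boolean isDestroyed() { return cert == null; }
}

public class SubjectDemo {
    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM/DER certificate, args[1]: its WebID URI (caller-supplied inputs).
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        Subject subject = new Subject();
        subject.getPublicCredentials().add(new X509Credential(cert));         // point (b)
        subject.getPrincipals().add(new WebIdPrincipal(URI.create(args[1]))); // point (a): added once verified
        for (X509Credential c : subject.getPublicCredentials(X509Credential.class)) {
            System.out.println("current before destroy: " + c.isCurrent());
            c.destroy();
            System.out.println("current after destroy:  " + c.isCurrent());
        }
        System.out.println("principals: " + subject.getPrincipals(WebIdPrincipal.class));
    }
}
```

Because `isCurrent()` here only checks the validity window, a revoked certificate still reports as current; callers that need revocation status have to check it separately.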
