Looking around in the code to see how this method is used I found:
- that it is implemented by:
+ BasicAuthentication
+ CookieAuthentication
+ FoafSslAuthentication
- the method is called by
AuthenticatingFilter.handle(Request, Response)
It does not therefore make sense to have two different methods, because the
point of these implementations is to hide behind the interface so that
AuthenticatingFilter can proceed without
knowledge of the impl.
What I will do is work on a branch here, and see how far I get by changing
the method as proposed.
It may be after all that on embarking on this I find something else that does
not work, or that is problematic, or simply that what I was hoping to achieve
does not work anyway.
I think we could say there was success if we could get someone who had been
logged in with WebID to then
also login with username/password and use that to help tie a WebId to an
existing account. If I don't implement something like that, at least I'll see
if it works.
Henry
On 29 Mar 2011, at 10:40, Tsuyoshi Ito wrote:
> Hi
>
> +1 for Tommaso's suggestion.
>
> cheers
> tsuy
>
> On Tue, Mar 29, 2011 at 10:00 AM, Tommaso Teofili
> <[email protected]> wrote:
>> I'd like more to have separate methods, not to pass over the String
>> returning one; for example exposing:
>> AuthenticationMethod.authenticateWithSubject(Request request)
>> which returns a Subject sounds good to me.
>> Cheers,
>> Tommaso
>>
>> 2011/3/29 Henry Story <[email protected]>
>>
>>>
>>> currently AuthenticationMethod.authenticate(Request request) returns
>>> String
>>>
>>> It would make more sense if it could return a Subject [1]. This would
>>> allow the object returned to be a lot richer. For example
>>>
>>> (a) A Subject can contain a number of credentials and a number of
>>> Principals. Each principal would
>>> be a WebID. Some WebIDs might take time to be verified, so they could
>>> appear in the Subject at a
>>> later time.
>>>
>>> (b) A Subject can also contain credentials. In fact X509 certificates
>>> should be the prototypical public credential.
>>>
>>> (c) Credentials can be any object, but clearly one could wrap an
>>> X509certificate with an isCurrent() method to test if the certificate is
>>> still valid. It would also allow X509certs to be destroyed, which could then
>>> perhaps throw TLS exceptions... to be looked into.
>>>
>>>
>>> Question: How does TLS authentication relate to the LoginContext? It seems
>>> that it works for Kerberos
>>>
>>>
>>> http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/tutorials/AcnOnly.html
>>>
>>>
>>> Henry
>>>
>>> [1]
>>> http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html#Subject
>>>
>>>
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>
>
>
>
> --
> --trialox ag--------------------------------------
>
> Tsuyoshi Ito
> Binzmuehlestrasse 14
> CH-8050 Zürich
> Tel. +41 44 635 75 77
> URL: http://trialox.org
Social Web Architect
http://bblfish.net/
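
The Subject shape proposed in points (a) to (c) of the thread, with the X509 certificate wrapped as a credential that has isCurrent() and can be destroyed, written out as an added Java example; it is not code from the thread's participants or from the project. SubjectExample, WebIdPrincipal, X509Credential, subjectFor and hasCurrentCredential are hypothetical names, the WebID is a constructed value, and main expects the path of a certificate file as its argument.

```java
import java.io.FileInputStream;
import java.security.Principal;
import java.security.cert.*;
import javax.security.auth.*;

// Hypothetical example (Java 16+): only Subject, Principal, Refreshable, Destroyable and
// X509Certificate are JDK types; every other name is made up for illustration.
public class SubjectExample {
    /** A WebID URI carried as a Principal. */
    record WebIdPrincipal(String uri) implements Principal {
        public String getName() { return uri; }
    }

    /** Wraps the client certificate so its validity can be re-tested later. */
    static final class X509Credential implements Refreshable, Destroyable {
        private X509Certificate cert;
        X509Credential(X509Certificate cert) { this.cert = cert; }
        @Override public boolean isCurrent() {
            if (cert == null) return false;              // destroyed
            try { cert.checkValidity(); return true; }   // notBefore <= now <= notAfter
            catch (CertificateException e) { return false; }
        }
        @Override public void refresh() { /* a presented certificate cannot be renewed here */ }
        @Override public void destroy() { cert = null; }
        @Override public boolean isDestroyed() { return cert == null; }
    }

    /** What an authenticate(Request) returning Subject could build for a TLS client certificate. */
    static Subject subjectFor(X509Certificate cert) {
        Subject s = new Subject();
        s.getPublicCredentials().add(new X509Credential(cert));
        return s;
    }
    /** Caller-side check: is any certificate credential on the Subject still usable? */
    static boolean hasCurrentCredential(Subject s) {
        return s.getPublicCredentials(X509Credential.class).stream().anyMatch(X509Credential::isCurrent);
    }

    public static void main(String[] args) throws Exception {   // args[0]: path to a PEM/DER certificate
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        Subject s = subjectFor(cert);
        System.out.println("current at login: " + hasCurrentCredential(s));
        s.getPrincipals().add(new WebIdPrincipal("https://example.org/card#me")); // constructed WebID, added once verified
        for (X509Credential c : s.getPublicCredentials(X509Credential.class)) c.destroy();
        System.out.println("after destroy: " + hasCurrentCredential(s) + ", principals kept: " + s.getPrincipals());
    }
}
```

A caller that only trusts the Subject while hasCurrentCredential is true stops accepting it once the certificate expires or the credential is destroyed, even though the principals remain attached.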