[
https://issues.apache.org/jira/browse/QPID-7166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-7166:
-----------------------------
Description:
Change the existing authentication providers/group providers to produce
principals contain a realm qualified names.
The realm qualified name will be in the form:
{noformat}{identity}@{realm}{noformat} The identity and realm will need to be
encoded (how?).
The formation of the realm name will follow Section 6 RFC-4120. Ultimately all
authentication and group providers will have an {{realmName}}. The Broker will
enforce a business rule that all realm names are unique.
Some authentication provides will capable of defaulting the realm name. For
instance, an LDAP authentication provider might default its realm name to be
the full qualified domain name of the LDAP server itself. If the provider has
a default, this must be overridable, to allow duplicate realm names to be avoid.
https://cwiki.apache.org/confluence/display/qpid/Identity+in+the+Java+Broker
was:
Change the existing authentication providers/group providers to produce
principals contain a realm qualified names.
The realm qualified name will be in the form {identity}@{realm}. The identity
and realm will need to be encoded (how?).
The formation of the realm name will follow Section 6 RFC-4120. Ultimately all
authentication and group providers will have an {{realmName}}. The Broker will
enforce a business rule that all realm names are unique.
Some authentication provides will capable of defaulting the realm name. For
instance, an LDAP authentication provider might default its realm name to be
the full qualified domain name of the LDAP server itself. If the provider has
a default, this must be overridable, to allow duplicate realm names to be avoid.
https://cwiki.apache.org/confluence/display/qpid/Identity+in+the+Java+Broker
> Make user/group names produced by authentication and group providers realm
> qualified
> ------------------------------------------------------------------------------------
>
> Key: QPID-7166
> URL: https://issues.apache.org/jira/browse/QPID-7166
> Project: Qpid
> Issue Type: New Feature
> Components: Java Broker
> Reporter: Keith Wall
> Fix For: qpid-java-6.1
>
>
> Change the existing authentication providers/group providers to produce
> principals contain a realm qualified names.
> The realm qualified name will be in the form:
> {noformat}{identity}@{realm}{noformat} The identity and realm will need to
> be encoded (how?).
> The formation of the realm name will follow Section 6 RFC-4120. Ultimately
> all authentication and group providers will have an {{realmName}}. The
> Broker will enforce a business rule that all realm names are unique.
> Some authentication provides will capable of defaulting the realm name. For
> instance, an LDAP authentication provider might default its realm name to be
> the full qualified domain name of the LDAP server itself. If the provider
> has a default, this must be overridable, to allow duplicate realm names to be
> avoid.
> https://cwiki.apache.org/confluence/display/qpid/Identity+in+the+Java+Broker
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
