We could certainly move the validation of tokens into the Codec (I guess
we'll then have to rename that class SecurityTokenCodecValidator as well...)

I added the isExpired() method so that a request for an expired token could
get downgraded to an anonymous level of access during the chain of
AuthenticationHandlers.  I'm open to other architectures.

Long term I'd like to see all token management routines end up in an OAuth
library, like the newly incubating Amber project.

Also long term I'd like to introduce capability-based security into security
tokens.  When you start having three or four cooperating parties (container,
graph/data provider, viewer, owner, gadget vendor) you end up with a lot of
confused deputies <http://en.wikipedia.org/wiki/Confused_deputy_problem>.


On Thu, May 13, 2010 at 12:01 PM, Brian Eaton <[email protected]> wrote:

> On Tue, May 11, 2010 at 2:16 PM, Paul Lindner <[email protected]>
> wrote:
> > +beaton (for domain member question)
> > I'll add some docs to the committed code.  expiresAt is informational,
> > isExpired() is canonical and convenient enough that I'm betting that most
> > implementers will use it, and it can encompass things like a CRL, blacklist,
> > etc. depending on the implementation.
>
> I don't understand the need for isExpired and friends...  why not just
> enforce expiration checks in the security token decoding process?
>
> A security token arrives, is validated, and is used for a few seconds
> (the duration of one user request).
>
> > I don't think that ContainerConfig calls can be spoofed when you're using
> > BlobCrypter which guarantees against tampering. I am concerned that there
> > are a number of pieces of code that iterate through all containers, this
> > works for small numbers of containers, but not large populations (where a
> > container == a third party site).
>
> So long as you get the container from the security token and not a URL
> parameter, I think it's solid.
>
> But I don't understand what you're doing with OAuth 2 and shindig.
>
> Is there a design doc or a road map?
>
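
The two designs discussed in this thread, side by side, as an added Python sketch that is not part of the original messages and is not Shindig code: `decode` can reject expired tokens during decoding, while `authenticate` checks integrity only and downgrades an expired token to anonymous, always taking the container from the signed claims. All names, the token layout and the key are assumptions, and a plain HMAC stands in for BlobCrypter.

```python
import hashlib
import hmac
import json
from base64 import urlsafe_b64decode, urlsafe_b64encode

KEY = b"constructed-demo-key"  # constructed value; HMAC stands in for BlobCrypter


class TokenError(Exception):
    """Raised when a token fails validation and must not be used at all."""


def _mac(body):
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()


def encode(claims):
    body = urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _mac(body)).decode()


def decode(token, now, enforce_expiry=True):
    """Verify integrity first; optionally reject expired tokens while decoding."""
    body, _, mac = token.encode().partition(b".")
    if not hmac.compare_digest(mac, _mac(body)):
        raise TokenError("bad signature")
    claims = json.loads(urlsafe_b64decode(body))
    if enforce_expiry and now >= claims["expiresAt"]:
        raise TokenError("expired")
    return claims


def is_expired(claims, now):
    return now >= claims["expiresAt"]


def authenticate(token, url_params, now):
    """Handler-style check: tampered tokens fail, expired ones become anonymous."""
    claims = decode(token, now, enforce_expiry=False)
    # The container is read from the signed claims; url_params is never consulted,
    # so a caller cannot switch containers by editing the request URL.
    container = claims["container"]
    if is_expired(claims, now):
        return {"viewer": None, "container": container, "anonymous": True}
    return {"viewer": claims["viewer"], "container": container, "anonymous": False}
```

With decode-time enforcement an expired token is an error for every caller; with the separate check, the caller decides whether expiry means rejection or anonymous access.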
