Hi Bruno, That sounds good, that for continuing the thinking. For SPNEGO, feel free to post comments on the RFE:
"Support SPNEGO authentication" http://restlet.tigris.org/issues/show_bug.cgi?id=444 Best regards, Jerome -----Message d'origine----- De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot Envoyé : dimanche 1 juin 2008 23:50 À : discuss@restlet.tigris.org Objet : Re: Guards and authentication mechanisms Hi all, Jerome Louvel wrote: > Hi all, > > Thanks Bruno for the nice synthesis, that definitely helps moving forward. I > have entered a new RFE to consolidate your comments and other ones from > Stephan: > > "Refactor authentication and authorization" > http://restlet.tigris.org/issues/show_bug.cgi?id=505 > > Stephan, I agree that this will take some time to properly refactor and take > all aspects into account. I've listed 13 (!) related issues that I added in > the "blocks" field. > > I don't think it would be wise to rush changes into 1.1 so I have set the > milestone to 1.2 M1. Yes, I agree, no rush. Those of us who actually need such Guards in practice can more or less implement them in 1.1 as plain Filters or subclasses of Guard. I'll try to think of more esoteric authnz mechanisms (for example Shibboleth, which we use in parts of the project I work on). I've actually just had a rather successful go at implementing a SPNEGO Filter using the JAAS/GSS mechanism of Java 6, based on Kerberos. It's just a proof of concept and the code isn't very clean (I've cut a few corners when implementing my own ChallengeScheme and AuthenticationHelper), but it seems to work. (At least to test, being able to write the 'WWW-Authenticate' headers directly or at having something a bit simpler than AuthenticationHelper.formatParameters(...) would have made it a bit easier.) I can't guarantee if and how much time I can spend on this, but I'll try to give more details sometime soon. Best wishes, Bruno.