Re: Guards and authentication mechanisms

Tue, 10 Jun 2008 01:45:32 -0700 

Hi,
Perhaps this can help, I've made a (long) list of authentication mechanisms (about as many as I could find and I've tried most): 
http://blog.distributedmatter.net/post/2008/06/09/HTTP-authentication-mechanisms-and-how-they-could-work-in-Restlet
I was looking into which authentication information could be obtained from the server (in the sense of what can then be used for making an authorisation decision). 

Best wishes,

Bruno.


Jerome Louvel wrote:

Hi Bruno,

That sounds good, that for continuing the thinking. For SPNEGO, feel free to
post comments on the RFE:

"Support SPNEGO authentication"
http://restlet.tigris.org/issues/show_bug.cgi?id=444 
Best regards,
Jerome


-----Message d'origine-----
De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot
Envoyé : dimanche 1 juin 2008 23:50
À : [email protected]
Objet : Re: Guards and authentication mechanisms

Hi all,

Jerome Louvel wrote:

Hi all,

Thanks Bruno for the nice synthesis, that definitely helps moving forward.

I

have entered a new RFE to consolidate your comments and other ones from
Stephan:

"Refactor authentication and authorization"
http://restlet.tigris.org/issues/show_bug.cgi?id=505 
Stephan, I agree that this will take some time to properly refactor and

take

all aspects into account. I've listed 13 (!) related issues that I added

in
the "blocks" field. 
I don't think it would be wise to rush changes into 1.1 so I have set the
milestone to 1.2 M1.
Yes, I agree, no rush. Those of us who actually need such Guards in practice can more or less implement them in 1.1 as plain Filters or subclasses of Guard. I'll try to think of more esoteric authnz mechanisms (for example Shibboleth, which we use in parts of the project I work on). I've actually just had a rather successful go at implementing a SPNEGO Filter using the JAAS/GSS mechanism of Java 6, based on Kerberos. It's just a proof of concept and the code isn't very clean (I've cut a few corners when implementing my own ChallengeScheme and AuthenticationHelper), but it seems to work. (At least to test, being able to write the 'WWW-Authenticate' headers directly or at having something a bit simpler than AuthenticationHelper.formatParameters(...) would have made it a bit easier.) I can't guarantee if and how much time I can spend on this, but I'll try to give more details sometime soon. 


Best wishes,

Bruno.

Reply via email to