[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[higgins-dev] Higgins Dev Call 7/20/2006, noon ET
|
Attendees:
- Paul, Greg, Brian, Mike, Jim, Mary, Tony, Tom, Duane, Uppili
Agenda:
- java.security.provider in lieu of IdAS endpoint?
- naming of IdAS to IdASRegistry
Conversation
------------
Greg:
- in java.security.provider a provider is a container of services
- the security class has methods to manage providers
- if we were to map what we're talking about into that we'd need an engine
class for IdAS
- a person providing an implementation would create a provider class and
register it with the security class
- underneath engine classes are distinguished by algorithms
- the analog to algorithm would be underlying data representation
- what's different about the way security class vs. how we want: we want to
be able to pick a provider not only in relation to what it does underneath
but a particular context. So we'd need a separate class that sits on top of
all the IdAS providers.
Tony
- when we designed this we didn't constraint the interp of what the string
meant
- we built it for security, but it is a pretty general purpose framework
- you can register, reorder, and search for providers
Greg
- sometimes you want to find a provider by "algorithm" (technology)
- can I say?: give me the provider that surfaces this context
JimS
- whatever Greg comes up with will dramatically affect
- we've got a notion that a context provider has policy (configuration,
etc)
- in Bandit we have an xml config file for each realm/context
- each section has JNDI context factory name
- we're looking to adapt this to the Higgins model
- what's the format of the policy? We mentioned in the F2F it should be
WS-Policy
Tom
- each provider needs its own configuration
- contexts are identified by URI
Tony
- Contexts are identified by WS-Adressing EPRs
- You can open up an EPR and examine its metadata and one of these is
policy
- We can protect these EPRs from attack
Tom
- is there a prescribed engine policy engine impl?
Tony
- has been looking at Apache's
- we've got one internally, do we want to open source it?
- people have done interops for this
Tom
- are there any policy editors?
Tony
- yes, we have an eclipse plugin for WS-Security-Policy editing
Tom
- will post examples of Bandit realms to the list
Mike
- working live.microsoft.com interop
- working on changes for extention development "Token Providers"
- hoping to get some work published on the Higgins wiki next week
Uppili
- attempting to work on some deployment architecture diagrams
end:40min