[higgins-dev] Higgins Dev Call 7/20/2006, noon ET

Attendees: 
 - Paul, Greg, Brian, Mike, Jim, Mary, Tony, Tom, Duane, Uppili

Agenda: 
 - java.security.provider in lieu of IdAS endpoint?
 - naming of IdAS to IdASRegistry

Conversation
------------

Greg:
 - in java.security.provider a provider is a container of services
 - the security class has methods to manage providers
 - if we were to map what we're talking about into that we'd need an engine
class for IdAS
 - a person providing an implementation would create a provider class and
register it with the security class
 - underneath engine classes are distinguished by algorithms
 - the analog to algorithm would be underlying data representation
 - what's different about the way security class vs. how we want: we want to
be able to pick a provider not only in relation to what it does underneath
but a particular context. So we'd need a separate class that sits on top of
all the IdAS providers.

Tony
 - when we designed this we didn't constrain the interp of what the string
meant
 - we built it for security, but it is a pretty general purpose framework
 - you can register, reorder, and search for providers

Greg
 - sometimes you want to find a provider by "algorithm" (technology)
 - can I say?: give me the provider that surfaces this context

JimS
 - whatever Greg comes up with will dramatically affect
 - we've got a notion that a context provider has policy (configuration,
etc)
 - in Bandit we have an xml config file for each realm/context 
 - each section has JNDI context factory name
 - we're looking to adapt this to the Higgins model
 - what's the format of the policy? We mentioned in the F2F it should be
WS-Policy

Tom
 - each provider needs its own configuration
 - contexts are identified by URI

Tony
 - Contexts are identified by WS-Addressing EPRs
 - You can open up an EPR and examine its metadata and one of these is
policy
 - We can protect these EPRs from attack

Tom
 - is there a prescribed engine policy engine impl?

Tony
 - has been looking at Apache's
 - we've got one internally, do we want to open source it?
 - people have done interops for this

Tom
 - are there any policy editors?

Tony
 - yes, we have an eclipse plugin for WS-Security-Policy editing

Tom
 - will post examples of Bandit realms to the list

Mike
 - working live.microsoft.com interop
 - working on changes for extension development "Token Providers"
 - hoping to get some work published on the Higgins wiki next week

Uppili
 - attempting to work on some deployment architecture diagrams

end:40min

