Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[higgins-dev] STS profile problems


We need to be able to use any implementation of IdAS context to manage STS user profile. We are going to implement a new user profile plugin (like org.eclipse.higgins.sts.server.profile) which will use any implementation of IdAS context and perform all operations (including profile creation) using IdAS methods (now LDAP is directly used to create/modify a profile). However, we have the following problems with DigitalIdentityHandler:

1. DigitalIdentityHandler is implemented to use the peculiarity of JNDI CP - each context contains single digital subject and subject ID is returned by method. I think we should not use this peculiarity anywhere. Moreower, I think should return nothing (void). Perhaps, in case of JNDI CP it will be more convinient to alwauys return its single subject for any value of passed subjectID. In other words, JNDI IContext.getSubject(String subjectID) should always return the same subject for any passed subjectID, even for null.

2. To find appropriate DigitalSubject, we need its subjectID. So, CardID should contain both contextRef and subjectID (subjectID will be missed for JNDI provider).

3. In case of SelfSigned cards, cardID should also contain contextRef + subjectID (now it contains IssuerID of selfIssued cards).

4. Perhaps, STS should not use DefaultContextRef. It should be a problem of IdASRegistry to initialize any ContextFactory and find required context.

Sergey Lyakhov

Back to the top