Re: [higgins-dev] proposal to change IContext.open semantics

so I think I'll add the reopen call.

Regarding using null to indicate the same thing we indicate today with AuthNAnonymousMaterials, there have actually now been three proposals for the semantics of null: 1) anonymous, 2) a configured least-privileged user, and 3) re-use the prior materials.

Knowing there was already more than 1 proposed semantic is what caused me to create AuthNAnonymousMaterials and AuthNLeastPrivilegedMaterials, both being nothing more than a marker that carries a semantic meaning.

We could decide one of these semantics is the *most* intuitive when null is passed if we wanted to. I didn't feel like making that judgment, so I just said null is not allowed :)

>>> "Markus Sabadello" <msabadello@xxxxxxxxxxxxx> 08/05/08 1:30 PM >>>

Yeah reopen() seems to be best.

I didn't even know about the AuthNAnonymousMaterials. To me it would be more intuitive to use null instead. Since what you're really passing is just an Object, it's not very obvious that there are certain Objects here that have a special meaning.

Markus

On Tue, Aug 5, 2008 at 9:22 PM, Jim Sermersheim wrote:

Yeah, right now, null is not even allowed. One would have to pass some kind of AuthNNullMaterials, or the existing AuthNAnonymousMaterials today. I agree that open(null) is more intuitively seen as being called in a situation where no materials are needed.

This just made me think of yet another alternative. Create a new AuthNExistingMaterials. It's just like AuthNAnonymousMaterials in that it's nothing more than a marker class, but it carries the semantics: use the materials previously passed in the last call to open. This would probably necessitate us allowing subsequent open methods to be called without requiring close to be called.

So far, IContext.reopen() sounds best to me.

Jim

To me IContext.open(null) sounds like the context doesn't need authn materials, i.e. can be opened by anyone. reopen() sounds better to me.

But no strong opinion..

Markus

On Tue, Aug 5, 2008 at 8:50 PM, Jim Sermersheim wrote:

There have been some requests along the lines of IContext needing some kind of "re-authenticate" method. The use case is something like: The IdAS consuming application has already opened a context using a user's authN materials. Some time has passed, or some policy has changed, and the application wishes to re-authenticate the user.

There is currently a way to do this (call IContext.close followed by IContext.open again with the authN materials previously provided by the user). This requires the calling application to keep a copy of the authN materials. The request is for there to be a way for the calling application to re-authenticate without re-providing the user's authN materials.

Currently, we say that if one calls IContext.open when a context is already in an open state, then a ContextOpenException is thrown.

The proposal is this:

1) Allow IContext.open to be called with a null authN materials.
2) When the above happens:
2.1) the context must be in an already open state or an AuthenticationException is thrown
2.2) the context provider will either:
2.2.1) use the previously passed authN materials to re-authenticate, or
2.2.2) throw an AuthenticationException, noting that it is unable to re-authenticate (this could be due to it not storing the previously used authN materials).

Objections?

Note that a followup question might be: "if we allow this, should we allow open to be called with new authN materials when a context is in an open state?"

Alternately, we could introduce a new method like IContext.reOpen(). That might cause the previous question to not be asked, and its semantics might be more immediately obvious.

Jim

                        _______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev
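
The open/reopen semantics discussed in this thread, as an added Java sketch that is not part of the original messages or of the Higgins code base. `SketchContext`, its `retainsMaterials` flag, the `IllegalArgumentException` for null, clearing the retained copy on `close()` and the sample secret are assumptions; the exception and marker classes are local stand-ins named after the types mentioned in the thread. It shows that `reopen()` can only succeed when the provider itself keeps a copy of the authN materials.

```java
// Added sketch; all class and method bodies are hypothetical, not Higgins source code.
public class ReopenSketch {
    static class ContextOpenException extends Exception {
        ContextOpenException(String m) { super(m); }
    }
    static class AuthenticationException extends Exception {
        AuthenticationException(String m) { super(m); }
    }
    // Marker class: carries a semantic meaning and nothing else.
    static final class AuthNAnonymousMaterials {}

    static class SketchContext {
        private final boolean retainsMaterials; // provider choice (assumption)
        private Object retained;                // provider-side copy, if any
        private boolean open;

        SketchContext(boolean retainsMaterials) { this.retainsMaterials = retainsMaterials; }

        void open(Object materials) throws ContextOpenException, AuthenticationException {
            // Exception type for null is an assumption; the thread only says null is not allowed.
            if (materials == null) throw new IllegalArgumentException("null materials not allowed");
            if (open) throw new ContextOpenException("context is already open");
            authenticate(materials);
            retained = retainsMaterials ? materials : null;
            open = true;
        }
        void reopen() throws AuthenticationException {
            if (!open) throw new AuthenticationException("context is not open");
            if (retained == null)
                throw new AuthenticationException("unable to re-authenticate: materials not stored");
            authenticate(retained);
        }
        void close() { open = false; retained = null; } // assumption: drop the copy on close

        private void authenticate(Object m) throws AuthenticationException {
            // Constructed rule: the anonymous marker or the sample secret "s3cret" is accepted.
            if (!(m instanceof AuthNAnonymousMaterials) && !"s3cret".equals(m))
                throw new AuthenticationException("bad materials");
        }
    }

    public static void main(String[] args) throws Exception {
        SketchContext ctx = new SketchContext(true);
        ctx.open("s3cret");
        ctx.reopen();                           // caller re-supplies nothing
        try { ctx.open("s3cret"); }
        catch (ContextOpenException e) { System.out.println("open while open: " + e.getMessage()); }
        SketchContext noStore = new SketchContext(false);
        noStore.open(new AuthNAnonymousMaterials());
        try { noStore.reopen(); }
        catch (AuthenticationException e) { System.out.println("reopen: " + e.getMessage()); }
    }
}
```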