[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[stellation-res] WVCM API Problem
|
On Tuesday, September 16, 2003, at 08:03 AM, Jonathan Gossage wrote:
----- Original Message -----
From: "Jonathan Gossage" <jonathan@xxxxxxxxxxxxxx>
To: <stellation-res@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 16, 2003 7:54 AM
Subject: [stellation-res] WVCM API Problem
I have been going through the WVCM API and have found a problem area
that
makes it unnecessarily difficult to use strong authentication. Since
JSR147
is in the public review period until Dec. 3, 2003, I believe we
should
submit a comment to that group. The generalization that is necessary
to
make
it easy to use strong authentication is trivial and I could prepare a
short
document for us to review if you would like.
I've got a more direct channel for suggesting changes to the standard.
I'll
be talking to the WVCM spec author on thursday. (Geoff is a friend of
mine.)
What's the problem with strong authentication in WVCM? WVCM is designed
to sit over WebDAV, which allows the use of cryptographic challenge
authentication, which seems adequately strong. But I'm not a crypto
expert at all - and, I expect, neither is Geoff. So what's the issue?
I forgot to mention that I am planning to write a document that will
recommend that we use JAAS as our authentication and authorization
framework. Given this our current authentication and authorization
support
can be simply encapsulated in a JAAS wrapper. This approach will
allow us
and others to easily provide strong authentication for Stellation.
Gaah. I bought a book on JAAS about a year ago, and concluded it
was a horrible, overcomplicated, incredibly painful API, and that it
looked
like a nightmare to administrate a system that used it.
What kind of benefit are we going to see by replacing the current
auth/auth system in Stellation with JAAS? (It's going to have to be
a pretty big one to convince me!)
-Mark
Mark Craig Chu-Carroll, IBM T.J. Watson Research Center
*** The Stellation project: Advanced SCM Research
*** http://stellation.eclipse.org
*** Work: mcc@xxxxxxxxxxxxxx/Home: markcc@xxxxxxx
Mark Craig Chu-Carroll, IBM T.J. Watson Research Center
*** The Stellation project: Advanced SCM Research
*** http://stellation.eclipse.org
*** Work: mcc@xxxxxxxxxxxxxx/Home: markcc@xxxxxxx