Difference between revisions of "ESAPI Authentication"

From OWASP

Latest revision as of 00:22, 21 August 2011

Feature Overview

TODO

Possible Enhancements

  • Wrap Principal, don't extend it (a "principal" is an authenticated user in Java. Typically, a "claimant" would be an unauthenticated user. A User could be either authenticated or unauthenticated, depending on the context.)
  • Work to make it compatible with container-based authentication.
  • Should work with a more generic Credential type rather than assuming username/password. That would allow certificates, smart cards, and other more advanced means of authentication.
  • Provide a reauthentication API.
  • Consider mechanisms provided by the VM to associate authentication state with the invocation (e.g. Java AccessControlContext including Subject).
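As an added illustration, not part of the wiki page and not ESAPI's actual API, here is a Java sketch of how the first four enhancements could fit together: a Credential abstraction that is not tied to username/password, a User that wraps a Principal rather than extending it, and a reauthentication entry point. All class names and the in-memory password map are assumptions made for the example.

```java
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Map;
// A credential is whatever proves identity; it is not limited to a username/password pair.
interface Credential { String subjectName(); }
final class PasswordCredential implements Credential {
    private final String username; private final char[] password;
    PasswordCredential(String username, char[] password) { this.username = username; this.password = password; }
    public String subjectName() { return username; }
    char[] password() { return password; }
}
final class CertificateCredential implements Credential {   // also covers smart cards that hold a cert
    private final X509Certificate cert;
    CertificateCredential(X509Certificate cert) { this.cert = cert; }
    public String subjectName() { return cert.getSubjectX500Principal().getName(); }
}
// User WRAPS the Principal produced by the container or a login module instead of extending it.
final class User {
    private final Principal principal;
    private final long authenticatedAt = System.currentTimeMillis();
    User(Principal principal) { this.principal = principal; }
    Principal principal() { return principal; }
    boolean authenticatedWithin(long millis) { return System.currentTimeMillis() - authenticatedAt <= millis; }
}
interface Authenticator {
    User login(Credential credential);
    // Reauthentication: the caller already holds a User and must present fresh proof before a sensitive action.
    User reauthenticate(User current, Credential fresh);
}
final class DemoAuthenticator implements Authenticator {
    private final Map<String, char[]> passwords;   // constructed in-memory store; a real one holds salted hashes
    DemoAuthenticator(Map<String, char[]> passwords) { this.passwords = passwords; }
    public User login(Credential c) {
        if (c instanceof PasswordCredential) {
            PasswordCredential p = (PasswordCredential) c;
            char[] expected = passwords.get(p.subjectName());
            if (expected == null || !java.util.Arrays.equals(expected, p.password())) throw new SecurityException("bad credentials");
        } else if (!(c instanceof CertificateCredential)) {
            throw new SecurityException("unsupported credential type");
        }   // for certificates, chain and revocation checks are assumed to have happened already (e.g. in TLS)
        final String name = c.subjectName();
        return new User(() -> name);   // java.security.Principal has one abstract method, so a lambda suffices
    }
    public User reauthenticate(User current, Credential fresh) {
        User again = login(fresh);   // fresh proof must belong to the same identity the caller already holds
        if (!again.principal().getName().equals(current.principal().getName())) throw new SecurityException("identity mismatch");
        return again;
    }
}
```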