Date: Mon, 05 Jan 1998 17:55:47 -0800
From: David Brownell <db@Eng>
To: Eric Gufford <eric-gufford@home.com>
Subject: Re: user authentication etc

You might also look at what the JavaServer toolkit provides,
since that's the place that JavaSoft has started to develop
such user authentication infrastructure. As you may understand,
server developers have to deal with a variety of site security
issues and can't really work without access to some basic
authentication and authorization facilities.

For example, SSL server and client authentication systems are
based on X.509 public key certificates. We've added basic
support for challenge/response authentication, and build on
the java.security.acl package for authorization. (This is all
on top of JDK 1.1!)

I'm personally trying to avoid impersonation/delegation, since
it makes things quite a bit more complex and is rarely done in
a very secure fashion. But I'd be pleased to hear your concerns
in this area.

- David Brownell

Eric Gufford wrote:
>
> Guys/Gals:
>
> Please disregard my previous message. I've found the documentation I
> was looking for.
>
> I'm a voting member of the ANSI J22 java technical committee, and the
> ISO Java Study group. As such, I'm going to get heavily involved in Sun's
> PAS submission of Java. I'm also a seasoned security developer (C++/NT),
> and I'm designing the JavaLobby site security system.
>
> My interests lie in site security. Since you haven't dealt with issues
> such as user authentication, impersonation, delegation and the like yet, I
> would like to get involved in the design/implementation. If that is
> possible. If not, can I at least post questions to you as I encounter
> issues in the Beta?
>
> Please advise.
>
> Eric Gufford, President
> TRIAD Systems Inc.
> 14 University Rd. E. Brunswick, NJ 08816
> Voice/Fax:908-257-1966
> eric_gufford@acm.org