-
Enhancement
-
Resolution: Fixed
-
P3
-
5.0
-
None
-
tiger
-
generic
-
solaris_7
This is one of the parts for 4635083
(Enhanced security token integration),
which is a Target of Opportunity for Tiger.
Some hardware token providers (for example, a smartcard provider)
may require a login operation into the token using a password
or other means of authentication before certain operations
can be performed.
Currently there is no standard API to directly log into a token.
A new abstract subclass of java.security.Provider
should be added. It should define methods for retrieving
a javax.security.auth.login.LoginContext that may
be used to directly log into and out from a token.
Although applications should be able to directly log into a token,
providers should also be able to detect whether a login
has not yet occurred, and if necessary,
attempt to log users in themselves
(internally using their own LoginContext).
Since there is no well defined, standard, auto logout mechanism,
applications will still have to directly
invoke the API to perform a logout.
A new class javax.security.auth.PasswordCredential should
also be introduced. Login modules may place this as a
private credential in a subject once authentication
to a token has successfully completed. This will
facilitate single signon solutions. The PasswordCredential
should be generic so it can be used with any password
based authentication mechanism.
(Enhanced security token integration),
which is a Target of Opportunity for Tiger.
Some hardware token providers (for example, a smartcard provider)
may require a login operation into the token using a password
or other means of authentication before certain operations
can be performed.
Currently there is no standard API to directly log into a token.
A new abstract subclass of java.security.Provider
should be added. It should define methods for retrieving
a javax.security.auth.login.LoginContext that may
be used to directly log into and out from a token.
Although applications should be able to directly log into a token,
providers should also be able to detect whether a login
has not yet occurred, and if necessary,
attempt to log users in themselves
(internally using their own LoginContext).
Since there is no well defined, standard, auto logout mechanism,
applications will still have to directly
invoke the API to perform a logout.
A new class javax.security.auth.PasswordCredential should
also be introduced. Login modules may place this as a
private credential in a subject once authentication
to a token has successfully completed. This will
facilitate single signon solutions. The PasswordCredential
should be generic so it can be used with any password
based authentication mechanism.
- relates to
-
-
- Resolved
-