1 Reply Latest reply on Aug 10, 2005 8:36 PM by Scott Stark

    Generalizing the JAAS/Authentication Service

    Scott Stark Master

      In addition to generalizing the authorization layer, we also need to generalize the authentication layer and have a well defined SSO framework that can be used across JEMS.

      The JSR-196 (Java Authentication SPI for Containers) draft has finally seen the light of day and so authentication will also be a better defined as a pluggable aspect of a j2ee container. There is no notion of SSO in this spec however, so as part of update the authentication service to support JSR-196, we also need to consider how SSO via standards such as SAML and Liberty are going to be supported.