...
Question | Outcome | ||
---|---|---|---|
What best addresses the problem in terms of our needs and technology? Dispelling differences between SASL and JAAS and their applicability. | By sticking with Spring Security we can eventually offer support for both | ||
What is a core set of providers that cover most needs? | PKI, Username/Password, Keberos | ||
How does this affect user model in terms of groups and access? How does it affect our compliance with SCIM? | It does not affect it. This simply provides support for identifying a user. Access and groups are handled by the AuthorityProvier | ||
How does this affect the authority provider? | It does not impact the AuthorityProvider | ||
When using Username/Password how do we establish site to site communication? Do we support creating new users via the UI? | Will likely not support creating new users via the UI and will require the admin to provide the credentials which will be input when configuring the Remote Process Group. | When using OpenId Connect how do we establish site to site communication? | Since certificates are necessary for establishing secure connectors in the web server, we can still rely on certificates for site to site and cluster communications. |