6689 2009-03-14 10:23 Define new SecurityAttributes interface 2009-03-15 10:16:49 1 1 1 Unclassified GridShib SAML/Binding Tools 0.5.3 All All RESOLVED FIXED http://dev.globus.org/wiki/GridShib_Security_Table P3 enhancement 0.5.4 6691 6690 1 trscavo@gmail.com trscavo@gmail.com trscavo@gmail.com 2009-03-14 10:23:48 Define a new SecurityAttributes interface that lets you decorate a security item (or even a security context implementation) with attributes. Here the term "attribute" refers to the most general notion of attribute, as discussed in the wiki article entitled "GridShib Security Table" (see link above). This new interface will in fact support the Security Table implementation. The SecurityAttributes interface implicitly defines a "security attribute" as a name-value pair whose name is a simple string and whose value is a set of strings. One string in the set of value strings is distinguished in some manner, to be determined by the implementation. public interface SecurityAttributes { public boolean addAttributeValue(String name, String value); public boolean removeAttribute(String name); public String getAttributeValue(String name); public Set getAttributeValues(String name); public Set getAttributeNames(); } Not all of the current security items will implement this interface. SAMLIdentity and BasicAttribute will implement this interface. SAMLPrincipal and TeraGridPrincipal will also implement this interface. The rest of the security items will probably not implement this interface. SAMLAuthnContext, for example, doesn't seem to have anything to add to the set of SecurityAttributes. trscavo@gmail.com 2009-03-14 17:13:37 New implementation of SecurityAttributes interface: public abstract class DecoratedSecurityItem extends BaseSecurityItem implements SecurityAttributes; Concrete classes SAMLIdentity, BasicAttribute, and SAMLPrincipal now extend the above class. Each of these classes adds a security attribute when the security item becomes trusted. trscavo@gmail.com 2009-03-14 17:36:10 The SAMLPrincipal class has a new type member and a corresponding getType method. Constructor SAMLPrincipal(String, String, String) was deprecated in favor of the SAMLPrincipal(String, String, String, String) constructor. The latter takes a new type parameter. In the constructor, a security attribute is added: this.addAttributeValue(this.type, this.name); The type and name of this SAMLPrincipal instance are the name and value of the security attribute, respectively. Presumably the type is a URI that uniquely identifies the attribute. trscavo@gmail.com 2009-03-14 17:39:21 Committed all resources to CVS HEAD. This new feature will be distributed with GS-ST v0.5.4 (which will not be publicly release). trscavo@gmail.com 2009-03-14 17:54:30 (In reply to comment #2) > Constructor SAMLPrincipal(String, String, String) was deprecated in > favor of the SAMLPrincipal(String, String, String, String) constructor. The SAMLSecurityContext class invokes the new constructor instead of the deprecated constructor. trscavo@gmail.com 2009-03-14 18:09:50 (In reply to comment #4) > (In reply to comment #2) > > Constructor SAMLPrincipal(String, String, String) was deprecated in > > favor of the SAMLPrincipal(String, String, String, String) constructor. > > The SAMLSecurityContext class invokes the new constructor instead of the > deprecated constructor. Same goes for the unit tests BasicAttributeTest and SAMLPrincipalTest. trscavo@gmail.com 2009-03-14 18:15:37 (In reply to comment #2) > Constructor SAMLPrincipal(String, String, String) was deprecated in > favor of the SAMLPrincipal(String, String, String, String) constructor. Since the TeraGridPrincipal class is a subclass of the SAMLPrincipal class, the former now invokes the new constructor, not the deprecated constructor. The TeraGridPrincipal class passes the following type value to the constructor: http://teragrid.org/names/nameid-format/principalname Other instances of SAMLPrincipal will behave similarly. trscavo@gmail.com 2009-03-15 09:40:40 Added unit tests to each of SAMLIdentityTest, SAMLPrincipalTest, and BasicAttributeTest.