...

Authentication - Single Sign On

No implementation yet

1. The client application authenticates and receives a token by some means out of band to Tuscany.
2. The client application sends messages to Tuscany including the authenticated token. The intent is either authentication.message or authentication.transport.
3. The Tuscany runtime (host, binding, policy code) provides extensible policy support for validating the token against some 3rd party identity system.

To make this work there are a number of moving parts that we need to think about.

Decide what format the security token is going to take. From a general Tuscany point of view we don't actually have to decide what the token will look like, but we do have to understand what formats are valid, whether particular standards are allowed, etc.

JMS
Assume authentication.message is required here
It's likely the security token will travel in a JMS message property so the JMS binding needs to be extended to be able to call out to policy providers in order to authenticate the token and retrieve the Subject. The Token/Subject should then be placed in the Tuscany message context.
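
A sketch of the receive-side flow described above, added here as an illustration and not Tuscany code (the page notes there is no implementation yet). The `TokenAuthenticator` interface, the `securityToken` property name and the `subject` context key are hypothetical, and plain maps stand in for the JMS message properties and the Tuscany message context.

```java
import java.util.*;
import javax.security.auth.Subject;

public class JmsTokenAuthSketch {
    // Hypothetical extension point: one implementation per 3rd party identity system.
    interface TokenAuthenticator {
        Optional<Subject> authenticate(String token); // empty means "token not accepted"
    }

    static final String TOKEN_PROPERTY = "securityToken"; // assumed JMS property name

    // What the binding would do on receipt, before the service is invoked.
    static Subject authenticate(Map<String, Object> jmsProperties,
                                List<TokenAuthenticator> providers,
                                Map<String, Object> messageContext) {
        Object raw = jmsProperties.get(TOKEN_PROPERTY);
        if (!(raw instanceof String) || ((String) raw).isEmpty()) {
            throw new SecurityException("authentication.message required: no token in message");
        }
        for (TokenAuthenticator provider : providers) {
            Optional<Subject> subject = provider.authenticate((String) raw);
            if (subject.isPresent()) {
                subject.get().setReadOnly();                   // downstream code cannot add principals
                messageContext.put("subject", subject.get());  // hypothetical context key
                return subject.get();
            }
        }
        throw new SecurityException("token rejected by all policy providers"); // fail closed
    }

    public static void main(String[] args) {
        // Constructed stand-in for a provider that would call the identity system.
        TokenAuthenticator demo = token -> {
            if (!"constructed-valid-token".equals(token)) return Optional.empty();
            Subject subject = new Subject();
            subject.getPrincipals().add(() -> "alice");
            return Optional.of(subject);
        };
        Map<String, Object> props = new HashMap<>();
        props.put(TOKEN_PROPERTY, "constructed-valid-token");
        Subject result = authenticate(props, List.of(demo), new HashMap<>());
        System.out.println("authenticated: " + result.getPrincipals().iterator().next().getName());
        try {
            authenticate(new HashMap<>(), List.of(demo), new HashMap<>());
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A message with no token, or with a token that no provider accepts, is rejected before any Subject reaches the message context.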

...