Credential.java

package org.apereo.cas.authentication;

import java.io.Serializable;

/**
 * Describes an authentication credential. Implementations SHOULD also implement {@link CredentialMetaData} if
 * no sensitive data is contained in the credential; conversely, implementations MUST NOT implement
 * {@link CredentialMetaData} if the credential contains sensitive data (e.g. password, key material).
 *
 * @author William G. Thompson, Jr.
 * @author Marvin S. Addison
 * @see CredentialMetaData
 * @since 3.0.0
 */
public interface Credential extends Serializable {

    /** An ID that may be used to indicate the credential identifier is unknown. */
    String UNKNOWN_ID = "unknown";

    /**
     * Gets a credential identifier that is safe to record for logging, auditing, or presentation to the user.
     * In most cases this has a natural meaning for most credential types (e.g. username, certificate DN), while
     * for others it may be awkward to construct a meaningful identifier. In any case credentials require some means
     * of identification for a number of cases and implementers should make a best effor to satisfy that need.
     *
     * @return Non-null credential identifier. Implementers should return {@link #UNKNOWN_ID} for cases where an ID
     * is not readily available or meaningful.
     */
    String getId();
}