Hammering out a good default security setup is important for something like archiva.
There are a couple of areas that I know we could use some help on (what with there only being so many hours in a day and there being a lot of projects vying for time). plexus-security is where is this rbac security and the whole user management bit is getting overlay'd from. We need to get the webwork actions and related jsp's into gear for the dynamic role/permission/operation/resource allocations...most of the stuff is in place for that, just needs to be wired in and a good UI mechanism for it. That will immediately benefit both archiva and continuum. Another major way to help imo is continuing on the path of user stories. Decomposing the stories from your other mail into finer grained authz role/permission/operation/resource semantics would be valuable. I think one of my original mails on the subject went that deep...or at least pretty close. They say one of the best ways to work with rbac is by determining the jobs that people will be performing within the application. An example of that would be a job where 'Bob' is a developer on maven and needs to be able to publish artifacts to the org/apache/maven groupId on repository 'central'. He also needs to be able to generate reports on that groupId, validate checksums, etc...everything encompassed by that 'job'. cheers jesse On 10/21/06, Brett Porter <[EMAIL PROTECTED]> wrote:
That's great! On 22/10/2006, at 12:26 AM, Scott Ryan wrote: > I am very interested in this project and want to see it move > forward. I am > involved in many Open Source projects as a committer and > contributor but > would like to take some time to help out here and understand the > technology > so that I can add things that we might need at our company and > would benefit > the community as a whole. Is there any area that I can help out > and do you > want my help. I think a place to start might be documentation such > as an > install and configuration guide (separate guides). Also beefing > up the > information on the site to include more information about what the > project > does and the roadmap. These are all good things. Henri is actually looking at some of this stuff at the moment, so you might like to team up with him, or you might like to look in other areas of interest. There's plenty of stuff in JIRA if you want to run with it. > > Eventually I would love to add more reporting features as I love > some of the > things that are available on the http://www.mvnregistry.com/search/ > site > including the top 25 and can think of lots of other things that > would be > useful. Yep, it should be pretty straightforward to do most of these things using the Lucene index and reporting mechanism. Some of it will still need a bit more work when they get stretched, but I think the fundamentals are there. Cheers, Brett
-- jesse mcconnell [EMAIL PROTECTED]
