Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards Spring?)

Tue, 19 Feb 2008 09:23:43 -0800 


On 20/02/2008, at 4:15 AM, Simmons, Robert wrote:
The benefit to JAAS would be easier integration with companies that use 
LDAP to manage roles within a company.
Actually - this raises a good point - would just having this at the WebDAV level be sufficient? I realise a lot of people are purely looking to operate Archiva as a secured proxy and the administration features of the webapp could be separately secured since there are often less users needing to be set up for that. 

- Brett




-- Robert

-----Original Message-----
From: Brett Porter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 19, 2008 9:44 AM
To: [email protected]
Subject: Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards
Spring?)


On 20/02/2008, at 1:36 AM, Joakim Erdfelt wrote:


nicolas de loof wrote:

"Integrate RedBack / Spring into Archiva."

What is the advantage of redback compared to spring-security (aka
"acegi") ?

spring-security allready supports role-based secutiry, DB user store
and "remember me".

Nico.


Redback is an RBAC implementation.


Don't forget that 80% of what Archiva uses Redback for is the web
application user/role management.



The Redback <--> Spring integration is likely to take the form of
another acegi authorization provider, but it's still a little early
yet to speculate on how this will occur.

A more general question would be ... do we need RBAC for Archiva?
or can we get away with standard JAAS Roles?


An even more general question would be - it works, why change it? :)

- Brett

--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/
Confidentiality Note: This message contains information that may be confidential and/or privileged. If you are not the intended recipient, you should not use, copy, disclose, distribute or take any action based on this message. If you have received this message in error, please advise the sender immediately by reply email and delete this message. Although ICAT Managers, LLC scans e-mail and attachments for viruses, it does not guarantee that either are virus- free and accepts no liability for any damage sustained as a result of viruses. Thank you. 



--
Brett Porter
[EMAIL PROTECTED]
http://blogs.exist.com/bporter/

Reply via email to