Re: current state of security

Thu, 27 Jun 2002 19:49:47 -0700 


Adam Rossi wrote:

>Hello. I am new to Avalon. I have read the "getting started" guide,
>downloaded Avalon and the various subprojects, studied the sourcecode,
>and tried to understand how the various components work together.
>
>I am very interested in security. The getting started guide mentions
>Guardian, but I have not been able to locate which project contains this
>class. The mail archives mention something called Fortress, but the link
>from the Avalon home page to Fortress is a dead link. The archives
>describe various security initiatives, but I can't figure out how far
>along these initiatives ever got. So I am writing this email. Please
>excuse me for the blitz of questions below; I have tried to search
>before posting.
>
>What is the current state of security in Avalon? How does it work (in
>general)?
>

The Phoenix project has some security related content - namely the 
ability to declare security policies for a particular application (set 
of components).

>Is Avalon compatible with JAAS?
>

Avalon Framework does not itself deal with security policies, 
authentication, etc. It is certainly possible to build security 
components using Avalon Franmework that leverage JASS.

>What is Guardian?
>

No idea.

>What is Fortress?
>

Nothing to do with security.
Its basically a manager of components - (a container in Avalon terminology).

>A comment: What I have seen regarding security in Avalon seems to
>concentrate more on component security, and which code should be allowed
>to execute in the server. I am interested in code security, but I am
>more interested in user-based security. How is user-based security
>implemented in Avalon? Does Avalon provide Access Control Lists or
>equivalent?
>

As far as I know thare are no security components for Avalon.  
This would be a really interesting area.

>How do I administer security?
>

There is a lot of discussion going on at the mment concerning 
meta-models for components.  Today - our sucurity policy approach is 
"application" centic - and I think it could be interesting to explore a 
more component centric model for security policy declaration at the meta 
level.

Cheers, Steve.

-- 

Stephen J. McConnell

OSM SARL
digital products for a global economy
mailto:[EMAIL PROTECTED]
http://www.osm.net




--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
























					Reply via email to