David Jencks wrote: > > On Dec 21, 2006, at 1:59 PM, Alex Karasulu wrote: >
... >>> 2. The current Permission class is not a java.security.Permission. I >>> propose to rename it StringPermission (since it works on string >>> equality), extend java.security.Permission, and introduce a >>> StringPermissionCollection. BTW I don't understand why triplesec >>> Permission includes the applicationName. >> >> First off a tsec permission includes the app name because permissions >> are specific to an appication. Perm xyz only makes sense wrt the app >> that it was defined for. Does this make sense? > > No :-) > I think you are duplicating information redundantly. You'll never get > to the point of checking a permission unless you navigated to it from > the correct application. The JACC ejb and web permissions also don't > make sense outside a particular application, but they don't include the > PolicyContextId in them for this reason. > > Similarly I don't think it makes sense to have the application name in > Role nor the permissions stored directly in ldap. Ok let's make a JIRA note about removing this added information. We can still operate without the additional back referral to the application from which the role and permission come from. You're right that it is redundant. I just have to see where it's depended upon and figure out a means to not have to depend on it. ... Alex
begin:vcard fn:Alex Karasulu n:Karasulu;Alex org:Apache Software Foundation;Apache Directory adr:;;1005 N. Marsh Wind Way;Ponte Vedra ;FL;32082;USA email;internet:[EMAIL PROTECTED] title:Member, V.P. tel;work:(904) 791-2766 tel;fax:(904) 808-4789 tel;home:(904) 808-4789 tel;cell:(904) 315-4901 note;quoted-printable:AIM: alexokarasulu=0D=0A= MSN: [EMAIL PROTECTED] Yahoo!: alexkarasulu=0D=0A= IRC: aok=0D=0A= PGP ID: 1024D/4E1370F8 BBCC E8D8 8756 2D51 C3D4 014A 3662 F96F 4E13 70F8=0D=0A= x-mozilla-html:FALSE url:http://people.apache.org/~akarasulu version:2.1 end:vcard
