At ApacheCon several of us got together to discuss security in Geronimo. These are my recollections; please expand/contradict/modify what I forgot or got wrong.

People: Alan Cabrera, David Jencks, Kresten Krab Thorup, Hiram Chirino, Simon Godik (Others ???)
Problems with the current implementation:

- Distinction between client-side and server-side login modules is too hard to understand and too ad hoc: security assertions are a better, standard, and more comprehensible way of getting the same functionality.

- The LoginModule wrapping a set of login modules serves little purpose.
Things we like and want to generalize somehow:

- We'd like to extend the variety of approaches represented in the CORBA csiv2 model to other transports and contexts beyond CORBA.
How we might get there:

Simon gave us some hints about SAML and XACML and IIUC pointed out that most of the basic ideas we need are worked out in detail in these specs and that we can implement these ideas without necessarily relying on the xml-centered implementation called for in the specs. In particular SAML extensively discusses security assertions, which are a more powerful and systematic way of dealing with both the client/server login module problems and the information dealt with by csiv2. My current and very limited understanding is that SAML indicates what kind of security assertions can be made and how to transfer them between systems. XACML provides a framework in which (among many many other things) these security assertions can have effects on authentication and authorization decisions.
Since ApacheCon I've started looking into XACML and SAML a tiny bit
and although I am not thrilled by the pointy brackets I think this is
an avenue we should investigate thoroughly. I think it can
definitely provide the flexibility we want in the security model: I
think the challenge will be making the configuration comprehensible
and the implementation fast. From my very brief study it looks like
XACML will provide a framework in which authorization rules that
include the request info provided by JACC can be evaluated. I'm not
sure what else it will bring us :-)
Many thanks,
david jencks