On Jan 26, 2006, at 3:03 PM, David Jencks wrote:
Security
Several of us are already looking at various things to improve in
our security setup. One aspect that could probably use quite a bit
more research is how to integrate with third party security
servers. I see 2 levels of integration, one where the security
server provides a Subject and we deal with authorization based on
the principals supplied, the other where we delegate the
authorization decisions as well to the security server.
I'd love to see an integration with http://jpam.sourceforge.net/
Also, I think we should look at providing built in simple user
management apis and a console plugin. I'm thinking of something that
covers the 80% of use cases, username/password + groups, with the
ability to add, remove, modify and suspend accounts.
-dain
