Geronimo Security, now and coming soon
Security can be divided into negotiation for credentials, credential
validation, and authorization.
First we'll look at setting up and swapping credential validation in
geronimio, a simple process everyone has to do to secure an application.
Then we'll look at the JACC authorization framework where the security
constraints in the javaee deployment descriptors and annotations are
translated into java permissions and used, together with a principal-
role mapping, to authorize requests at runtime. If time allows we'll
look at swapping JACC implementations. We'll look at extending the
JACC concepts to other authorization decisions such as in portal
frameworks.
Finally we'll look at the upcoming JASPI support that allows pluggable
negotiation for credentials and see how it can be used to plug openid
authentication into a web app to replace basic or form based
authentication.
------------
I haven't written this yet so having lots of time to work on it would
be great and any suggestions for improvement would be appreciated.
thanks
david jencks
On Oct 23, 2008, at 9:46 AM, William A. Rowe, Jr. wrote:
Hello Experts,
the AC/US planning team has a 1hr gap in the program, of the
"Security"
topic track 1 on Thursday 6 November.
http://us.apachecon.com/c/acus2008/schedule/2008/11/06
Please get back to me ASAP if you have (or would like to create) a
session
that hits one or more of the bullets below;
* security related
* ideally of some interest to admins, perhaps of interest to devs
* ideally related to some aspect of securing systems or apps with
consideration of client vulnerabilities
I'd appreciate any suggestions by Sat a.m., so whomever offers
to pick this up a solid week+ to prepare. Certainly by Mon a.m.
please? Remember all the usual speaker benefits apply, including
registration, and some flight and lodging costs.
Bill
