Authentication? Authorization? I think authentication is ok.
BTW, as the topic is on security, I would suggest considering adding some implementations to offer the ability to control read/write of entity fields.

Shi Yusen/Beijing Langhua Ltd.

On Thu, 2008-06-19 at 10:54 -0700, Adrian Crum wrote:
> It looks like we finally have a decent implementation for authenticating
> users using LDAP - https://issues.apache.org/jira/browse/OFBIZ-811. This
> will allow OFBiz installations to share user names and passwords with
> the network.
>
> I would like to expand it further so that OFBiz user permissions can be
> managed outside OFBiz - using LDAP directory management tools. It would
> be very convenient in an LDAP (or Active Directory) environment to treat
> OFBiz user permissions just like any other network resource.
>
> There are other authentication technologies that could be used this way
> also - like Single Sign On, Radius, and so forth.
>
> In a previous discussion it was suggested we could put a "mini LDAP
> server" within OFBiz to accomplish this. The concept is to have a
> network's LDAP server forward requests to OFBiz. OFBiz would then serve
> its data in LDAP form.
>
> At first I thought that was a great idea, but now I'm not so sure. I
> believe it would be better to consolidate authentication and permission
> checking, and then make the whole thing "swap-able." An OFBiz
> installation could then swap OFBiz's entity-based user authentication
> and permission checking with some other technology - like LDAP, SSO, etc.
>
> The problem with implementing something like this is the way user
> authentication and user permissions checking are handled in the existing
> code. The two are separate - handled by separate classes in separate
> components. In addition, the CRUD services for permissions are in a
> third component. Clearly, there needs to be some consolidation.
>
> At the least, we need to have the org.ofbiz.security.Security interface
> expanded to have an authentication method and methods for permissions
> CRUD operations. Each authentication technology could then have its own
> implementation of the interface. An OFBiz installation could be
> configured to use any of the available technologies using the
> security.context property in the security.properties file.
>
> What do you think?
>
> -Adrian
