David Jencks wrote:
> I've worked a bit on integrating Roller and Jetspeed2 into Geronimo and
> one thing that quickly becomes clear is that the authorization security
> requirements of these "dynamic content" applications are almost
> completely unrelated to the javaee security specifications. One small
> possible overlap is that the JACC spec supplies the possibility of
> pluggable policies for authorization evaluation.
>
> I wondered if people would be interested in getting together to discuss
> how app servers such as Geronimo and security products such as TripleSec
> could support these non-javaee security requirements and how much
> commonality there might be across different types of application. I'll
> be at ApacheCon all week and would be happy to talk to everyone
> individually or in an informal meeting.

I'll be at ApacheCon all week too, and would definitely like to discuss these matters.
For Jetspeed 2.2 (or 2.3) we plan to revisit our current security model, so this is perfect timing for us to see how we can bring more alignment/compatibility with app servers and security products.

See you in Atlanta next week!

Regards,
Ate

> Some of the things I've been wondering about are:
> - permission definition
> - user administration: how are users added and removed or have their
>   permissions changed.
> - resource administration: how are resources such as blogs, portal
>   pages, or portlets added or removed or have their user access changed
> - specification of "default policy" for new users and new resources:
>   e.g. when a new user signs up what can they do?
>
> thanks!
> david jencks