hello Jerome,

On Friday 26 December 2008 20:14:02 Jerome Louvel wrote:
> Hi Raif,
>
> This is a good start. We have a page on the developers' wiki that should
> be used during this refactoring project. I have updated it based on the
> issues and discussions you have selected, extending to all others I could
> find.
>
> "Security refactoring"
> http://wiki.restlet.org/developers/172-restlet/212-restlet.html
>
> You should create an account on the wiki, and then update the page
> (section "Analysis/Synthesis") with the main points you have reported
> below. See instructions to register here:
>
> "Restlet Wiki Site"
> http://wiki.restlet.org/about/2-restlet.html

account created and Docs Author karma granted. thanks!

the page as it stands is very comprehensive and IMO does not need at this
stage any amendments since it already addresses all the points raised. if i
could make one suggestion it would be to separate the work on the
SecurityManager (and associated policy file) from the Authentication and
Authorization aspects since these two tasks can be done in parallel.

> Best regards,
> Jerome Louvel
> --
> Restlet ~ Founder and Lead developer ~ http://www.restlet.org
> Noelios Technologies ~ Co-founder ~ http://www.noelios.com
>
>
> -----Original Message-----
> From: Raif S. Naffah [mailto:tig...@naffah-raif.name]
> Sent: Thursday 18 December 2008 10:34
> To: discuss@restlet.tigris.org
> Subject: securing Restlet
>
> hello all,
>
> as a follow up to my original post re. contributing to the project (see
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=981057),
> and after digesting the suggestions and responses that followed,
> here's a summary of the discussion threads and issues (see list at the
> end) related to the above subject i was able to find to-date. pls. let
> me know if i missed, mis-interpreted, or overlooked anything pertaining
> to the issue:
>
> * there's a recognized need for better, more pluggable authentication and
>   authorization (AA) capabilities within the Restlet project.
>
> * successful integration with both Spring Security (Acegi Security
>   http://acegisecurity.org/) and JSecurity (http://jsecurity.org/) were
>   reported.
>
> * the Guard class does not seem to always suit developers' needs when it
>   comes to integrating external security libraries to offer AA
>   capabilities. Filter was used successfully and Resolver was suggested for
>   authorization needs beyond URIs.
>
> * there was no direct mention about securing the Restlet library code
>   itself separately from users' application; e.g. if using the Java SE
>   Security what would be a conservative security policy and permissions to
>   use/grant.
>
> * it's unclear (to me at least) whether the desired outcome is to
>   integrate one (of many) external security library, or build within
>   Restlet a "commons" layer and artifacts (configuration data) to allow
>   (and map to) different ones.
>
>
> the other two subjects mentioned in the other post remain of interest to
> me as well. i look forward to the input of the project maintainers.
>
>
> references:
> [D1] Spring Security Integration
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=40454
>
> [D2] Restlet Servlet and Security
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=58357
>
> [D3] Re: What is missing from Restlet?
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=94828
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=95151
>
> [D4] Security Issues with Dynamic Loading of Applications?
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=963302
>
> [I264] Support Spring Security
> http://restlet.tigris.org/issues/show_bug.cgi?id=264
>
> [I505] Refactor authentication and authorization
> http://restlet.tigris.org/issues/show_bug.cgi?id=505
>
> [I658] Add support for JSecurity
> http://restlet.tigris.org/issues/show_bug.cgi?id=658

--
cheers;
rsn

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=992872