Hi everyone,
I find myself in need of a sanity check in my efforts to get both
authentication and authorization working at the Fedora Commons level via LDAP
so I thought I'd take a moment and ask the Fedora community at large how they
are approaching this problem (or avoiding it completely). What I am attempting
to do is find a way to somehow integrate Fedora and LDAP in a way that group
memberships can be used by XACML to determine if access requests to objects
and data streams are granted or not. To date I haven't seen any documentation on
the web that states that this approach is impossible but I unfortunately lack
the working experience with JAAS, XACML and Java to know if I am attempting to
implement an approach that makes absolutely no sense at all. Increasingly it is
looking as if this plan might be far more trouble than it is worth and I'm
curious as to how other organizations have implemented authentication and
authorization for Fedora.

Is authentication and authorization being handled at your organization by the
display layer code or are you handling it through some other method, perhaps at
the web server level? Is anyone moving beyond using just the included JAAS
authentication modules, perhaps handling authorization elsewhere (aside from
the tomcat-users.xml or equivalent file)?

Rick
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users