----- Original Message -----
From: "Oleg Nitz" <[EMAIL PROTECTED]>
To: "jBoss Developer" <[EMAIL PROTECTED]>
Sent: Thursday, December 14, 2000 6:18 PM
Subject: Re: [jBoss-Dev] Was: [jBoss-User] Security Walkthrough/How To/Tutorial, first cut
> Scott,
>
> I see that your understanding of security issues is much better than mine.
> So, after my answer to your question "what is security view?",
> which approach would you prefer:
> one Subject per security view or
> one Subject globally (of course, for the given user)?
> If the latter, how to distinguish Principals which belong to different
> security views?
> How to separate Principal-principals from Principal-roles?
> To introduce additional interface Role extending Principal?
>
I looked up the use of security view in the EJB 1.1 spec and it is just as you stated.
I would recommend one Subject per security view. Here are two use cases I would
present that require this (in my mind at least):
1. I have two applications each deployed as a separate ear. They are used by
two different business units in a company. They use a common security framework
developed by the core IT security group. Because of this, there would be no way
for both apps to be able to distinguish which Principal in a Subject belonged to
which application. Further, they use the same LoginModule because the authentication
of a user is the same, but each application passes its name to the LoginModule
because the roles and permissions of the user are a function of the application.
This is a real world security structure I dealt with at a previous company in the
finance industry.
2. I am building an ASP solution for distributed project management. The owners of a
project are the ones who define the roles and security policies for the workflows that
show up in their projects. A project manager from company A can have completely different
workflows, roles and permissions than the equivalent project manager from company B. Both
however can interact with the same person. An example of this would be a Home Depot
project manager and a Starbucks project manager both using the same sign vendor on two
projects in the same geographic area.
I have an LDAP based infrastructure that allows a user to sign in once using the same
username and credentials and participate in any number of projects. As they switch
between projects the roles, credentials and permissions of the authenticated subject
change.
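
The following Java example is added here and is not part of the original message or of jBoss code. It shows the one-Subject-per-security-view approach using the standard `javax.security.auth.Subject`, with a hypothetical `Role` interface extending `Principal` as raised in the quoted question. The class, record, user and application names are assumptions, `login` stands in for a shared LoginModule that is handed the application name, and records need Java 16 or later.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class SubjectPerView {
    // Hypothetical marker type: separates role principals from identity principals.
    interface Role extends Principal {}
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record RolePrincipal(String name) implements Role { public String getName() { return name; } }

    // For one signed-in user: one Subject per security view, keyed by view name.
    private final Map<String, Subject> byView = new HashMap<>();

    // Stands in for the shared LoginModule receiving the application name.
    void login(String view, String user, String... roles) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(user));
        for (String r : roles) s.getPrincipals().add(new RolePrincipal(r));
        s.setReadOnly();          // principals cannot be altered after login
        byView.put(view, s);
    }

    Set<String> rolesIn(String view) {
        Set<String> names = new TreeSet<>();
        Subject s = byView.get(view);
        if (s != null)            // unknown view: no roles at all
            for (Role r : s.getPrincipals(Role.class)) names.add(r.getName());
        return names;
    }

    public static void main(String[] args) {
        SubjectPerView views = new SubjectPerView();
        // Constructed sample data: same user, two separately deployed applications.
        views.login("trading-app", "jsmith", "Trader", "Approver");
        views.login("reporting-app", "jsmith", "Viewer");
        System.out.println(views.rolesIn("trading-app"));
        System.out.println(views.rolesIn("reporting-app"));

        // A single global Subject for the same user: the role set becomes the
        // union, and nothing records which application granted which role.
        Subject global = new Subject();
        for (Subject s : views.byView.values())
            global.getPrincipals().addAll(s.getPrincipals());
        System.out.println(global.getPrincipals(Role.class));
    }
}
```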