Hi Scott
The relationship in JAAS is Subject--->(many)Principals. Principal == ROLE
and LOGIN. 1 Login has exactly 1 Role.
In EJB-land 1 Login can have zero to many Roles. *JAAS doesn't define a way
you can handle this*. It doesn't preclude it, but it does not define how you
do it. However there is nothing to prevent what I have proposed and Oleg is
taking up, namely separating Principal out, so it represents an EJB-login
and contains its roles. Effectively giving us Principal == Login and
Role(s).
Principal-->(many)Roles.
Edward
-----Original Message-----
From: Scott M Stark [mailto:[EMAIL PROTECTED]]
Sent: 15 December 2000 08:22
To: jBoss
Subject: Re: [jBoss-User] Security
That is correct, a Principal can be the identity of a login as in a userid
and a Principal
can be a role. Both can be associated with a Subject. This is exactly the
case in
EJB-land. Is there a specific section of the paper your in disagreement with
or think
is contradictary? Let's get the vocabularly clearly defined as it certainly
is a little loosely
used in the papers.
Please do subscribe to mailto:[EMAIL PROTECTED] as I have
made
a few comments regarding your proposal that you will want to comment on.
----- Original Message -----
From: "Kenworthy, Edward" <[EMAIL PROTECTED]>
To: "'jBoss'" <[EMAIL PROTECTED]>
Sent: Thursday, December 14, 2000 11:52 PM
Subject: RE: [jBoss-User] Security
> Hi Scott
>
> Uhm I think you're missing the point. The various JAAS papers talk about
> Principal both being a role AND a login. However in EJB-land a single
login
> can have many roles, so you can't just bundle the two together.
>
> Edward
>
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
