"Bielby, Randy J." <[EMAIL PROTECTED]> wrote:
> Is this proposal being presented in such a way as to allow authorization
> from an external source such as LDAP. It is mentioned here that role-based
> authorization is a necessity if Jetspeed is to be run inside a company. In
> conjunction with that the mentioned API should provide a level of
> abstraction as to allow the authorization source be one of many types, xml,
> ldap, relational, etc.
Yes, this is one of the reasons jetspeed uses turbine. The
authorization/authentication is already abstracted in turbine. The current
default implementation is to use a sql backend to store this information. It
may be changed. There is talk on the turbine list of some needed an ldap
backend. For example, we have our turbine back-end hitting our NT domain.
Usernames/passwords are authenticated against nt. The goups on nt map to
roles/permissions on turbine. This in turn means that jetspeed
authenticates/authorizes against NT also. Very nice and simple.
jb
Jeff Brekke
mailto:[EMAIL PROTECTED]
http://sites.netscape.net/ekkerbj
____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at
http://home.netscape.com/webmail
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
