On Wed, 2002-02-06 at 20:54, Viraf Bankwalla wrote:
> Hi,
> 
> I apologize if this is not the correct forum for this
> e-mail - I have just joined.  What is the plan for the
> security manager?

The goal of the security manager is to provide a completely generic
(read: empty) interface for the boundary between the core of turbine and
the security implementation of a given app, thus forcing as few
restrictions as possible on the nature of a given security
implementation.
 
> I was hoping that Authentication, Authorization and
> user management would be separate services that would
> be independent of each other.  I should be able to
> replace the authentication module if I need to - for
> example I may need to authenticate on username,
> password and some other token say the IP address.  I
> may need to replace the user management by a component
> such as the OMG Party management Spec.  

In addition to the generic interface it is expected that turbine 3 will
contain a default implementation of security which is highly pluggable.
One goal is separation of authentication, authorization, auditing,
profiling, etc, such that a user can replace any subset of the defaults
with their own implementation without needing to rewrite the whole
thing. Also, it may be that for your specific case you need not replace
the authentication model, because based on discussions so far we're
anticipating that the default implementation will already support
several mechanisms. 

> In my mind parties are identified by a single ID.  A
> party may have zero or more identities and each
> identity would have a set of capabilities (ACLs)
> associated with them.

Which is a common case, and I imagine the default security
implementation will handle that. However if not, you could provide your
own authentication model, your own implementation of a user/subject with
multiple identities, and your own authorization model which knows how to
map a subject to a permission based on its identities and their
associated ACLs.

Of course, most of this is still in the speculation stage, particularly
the details of the default implementation. However the empty security
manager interface is being finalized now so the turbine core can move
forward while security framework prototyping and discussions continue.

Just my impressions anyway.

--jt

