Hi All,

There's a lot of confusion around Principals. Let me see if I can clear it up. If I understand JAAS correctly, Principals come into play in five aspects of the authorization and authentication.

First, and most important for Turbine, Principals are where Roles and Groups would be implemented.

Second, and also important for Turbine, Permissions are connected to Principals, not directly to subjects.

Third, the Subject would have many Principals, one of which serves as the userid.

Fourth, Principals come into play in Pluggable Authentication Modules (PAM). This allows an administrator of an application to choose their own authentication technologies and policies (LDAP, DB, ActiveDirectory, Kerberos, ...).

Fifth, Principals are used to enable a Subject to log in once and be granted access to many applications.

That's what I understand about the JAAS Principals. The harder I look at the JAAS terminology and model, the more it makes sense to me. That's why I keep pushing it. I think it is fairly well thought out and worth trying to understand.

Hopefully a picture will also help clarify:

+-------+ 1   N +---------+ 1      N +----------+
|Subject+-------+Principal+----------+Permission|
+-------+       +----+----+          +----------+
                     |
         +-----------+---------+
         |           |         |
      +--+---+    +--+--+    +-+--+
      |UserId|    |Group|    |Role|
      +------+    +-----+    +----+

-Eric
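
The model in the diagram above, as an added Java example that is not part of the original message and is not Turbine's code: a Subject holds several Principals, and permissions are granted to Principals, never to the Subject itself. The types UserId, Group, Role and AppPermission, the GRANTS map and the permission names are hypothetical; Java 16 or later is assumed for records.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

public class PrincipalModelDemo {
    // Hypothetical Principal types mirroring the diagram (records give equals/hashCode for free).
    record UserId(String name) implements Principal { public String getName() { return name; } }
    record Group(String name) implements Principal { public String getName() { return name; } }
    record Role(String name) implements Principal { public String getName() { return name; } }

    // Hypothetical application permission; BasicPermission supplies "a.*" wildcard matching.
    static final class AppPermission extends BasicPermission {
        AppPermission(String name) { super(name); }
    }

    // Principal -> Permissions grants: the 1..N edge on the right of the diagram.
    static final Map<Principal, Permissions> GRANTS = new HashMap<>();

    static void grant(Principal p, String... names) {
        Permissions perms = GRANTS.computeIfAbsent(p, k -> new Permissions());
        for (String n : names) perms.add(new AppPermission(n));
    }

    // Default deny: allowed only if some Principal of the Subject holds an implying grant.
    static boolean isAllowed(Subject s, Permission wanted) {
        for (Principal p : s.getPrincipals()) {
            Permissions perms = GRANTS.get(p);
            if (perms != null && perms.implies(wanted)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        grant(new Role("editor"), "article.*");   // constructed sample grants
        grant(new Group("staff"), "wiki.read");

        Subject eric = new Subject();             // one Subject, three Principals
        eric.getPrincipals().addAll(
            List.of(new UserId("eric"), new Group("staff"), new Role("editor")));
        Subject guest = new Subject();            // a userid Principal only, no Group or Role
        guest.getPrincipals().add(new UserId("guest"));

        System.out.println("eric  article.edit: " + isAllowed(eric, new AppPermission("article.edit")));
        System.out.println("eric  wiki.write:   " + isAllowed(eric, new AppPermission("wiki.write")));
        System.out.println("guest article.edit: " + isAllowed(guest, new AppPermission("article.edit")));
    }
}
```

Because every grant hangs off a Principal, revoking a Role or Group grant takes effect for every Subject that carries that Principal, and a Subject with only a userid Principal is denied by default.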