On Fri, Jan 10, 2003 at 05:28:48PM +1100, Paul Smith wrote: > I think your design of the security framework is first rate. What I am not > sure about, and as I said before it probably related to my lack of clear > understanding of JAAS, is that your framework (can) effectively "wrap" JAAS. > If Sun is pushing JAAS as their "security" architecture, wouldn't it be > better for your framework to effectively _BE_ the JAAS implementation. That > way Turbine could be seen to be JAAS compatible (always nice to promote > standards), and your framework is the actual guts of it.
Unless Dan or someone more intimate with JAAS corrects me, I really don't see how JAAS fits into the Turbine picture. >From the tidbits I picked up on the Sun site, JAAS is authentication/authorization framework for the likes of rlogin/SSH/telnet/Kerebos/etc. For users logging into boxes to get terminals/files/etc. Not for applications doing tens/hundreds/thousands of authentications/authorizations per second as users hit a web application or similar service. Unless that is what Dan envisions his framework being; e.g. a Fulcrum/Turbine interface that interacts with enterprise systems and the like. But I was fairly sure it was offered as a replacement for the current security framework for merely checking against a JDBC/XML source whether a user has access to X or Y. I looked at Dan's framework for about as long as I looked at the JAAS stuff, so I could be wrong. And not long enough to make a good judgement call on the quality of Dan's framework, other than I really appreciate the effort as the current solution works well, but could be a better. - Stephen -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
