Still considering myself a newbie to Turbine, I'll take your candor, Jon, as
interesting.
At any rate, I was expecting the security services provided by Turbine to
also provide methods such as getPolicy/setPolicy, getRealm/setRealm, and
also auditing functionality. I realize I neglected to include the later in
my definition of what a policy server does but this is definitely
functionality that should exist in a entity that enforces policy. How is
security auditing handled within Turbine?
One immediate question that came to my mind was if I wanted to use the
static getPolicy() method provided by the java.security.Policy object, how
would I go about doing this in Turbine if there is no inherit mechanism for
setting policies? I suppose I was looking for Turbine to provide a "Policy"
object. I'll spend more time with the AccessController/AccessControlList
objects and maybe I'll find the answers to my questions there.
My intentions were not to critize...just to inquire. I realize that Rafeal
and yourself and all the other developers working on the security service
are quite busy and may not have time for misguided policy server questions,
but I figured it was worth a shot.
--Tracy
>-----Original Message-----
>From: Jon Stevens [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 05, 2000 11:17 AM
>To: Turbine
>Subject: Re: Policy Server
>
>
>on 12/5/2000 7:44 AM, "Tracy Adewunmi" <[EMAIL PROTECTED]> wrote:
>
>> This doc:
>>
>http://www.ietf.org/internet-drafts/draft-ietf-policy-terminolo
>gy-01.txt
>> defines a policy server as a "marketing term" to be replaced
>by the term
>> "policy decision point" (PDP) where a PDP is an entity that
>makes policy
>> decisions for itself or for other elments that request
>policy decisions to
>> be made.
>>
>> My definition of a policy server combines several elements that are
>> referenced in the above document and is as follows:
>>
>> 1. an entity that allows security policies to be defined
>> 2. an entity that allows security policies to be retrieved
>> 3. an entity that allows groups/roles/permissions to be defined
>> 4. an entity that enforces defined security policies
>> 5. an entity that interprets security policies inter-domain
>and inter-realm
>> (where domain is defined as a set of hosts with using the
>same security
>> policy and
>> realm is defined as a set of resources grouped together
>under the same
>> security policy)
>>
>> This definition may not be all inclusive but it is how I
>understand what a
>> policy server does. I have looked at the security services
>API and I just
>> wanted to verify that what is there is *not* intended to be
>an interface for
>> the above. However, if I have misinterpreted the power of
>this service,
>> please let me know. I also wanted clarification before I
>embarked on an
>> unneeded journey.
>
>Actually, the Turbine Security system does all 5 of those
>steps and *is*
>intended to be an implementation of exactly what you are talking about.
>However, the 5th point isn't entirely implemented within
>Turbine yet, but it
>will be at some point. For now, you can emulate it with properly named
>permissions. ie: domain == permission
>
>I'm not sure how that isn't clear looking at the source code.
>
>-jon
>
>
>
>------------------------------------------------------------
>To subscribe: [EMAIL PROTECTED]
>To unsubscribe: [EMAIL PROTECTED]
>Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
>Problems?: [EMAIL PROTECTED]
>
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
