archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joakim Erdfelt <joa...@erdfelt.com>
Subject RBAC vs JASS/Roles (was: Re: Plan to migrate towards Spring?)
Date Tue, 19 Feb 2008 14:36:51 GMT
nicolas de loof wrote:
> "Integrate RedBack / Spring into Archiva."
>
> What is the advantage of redback compared to spring-security (aka "acegi") ?
>
> spring-security allready supports role-based secutiry, DB user store and
> "remember me".
>
> Nico.
>   
Redback is an RBAC implementation.

RBAC at NIST - http://csrc.nist.gov/groups/SNS/rbac/
RBAC FAQ - http://csrc.nist.gov/groups/SNS/rbac/faq.html
RBAC on Wikipedia - http://en.wikipedia.org/wiki/RBAC

Spring and Acegi do not have an RBAC implementation.

The Redback <--> Spring integration is likely to take the form of 
another acegi authorization provider, but it's still a little early yet 
to speculate on how this will occur.

A more general question would be ... do we need RBAC for Archiva?  or 
can we get away with standard JAAS Roles?

- Joakim

Mime
View raw message