archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simmons, Robert" <RSimm...@icat.com>
Subject RE: RBAC vs JASS/Roles (was: Re: Plan to migrate towards Spring?)
Date Tue, 19 Feb 2008 20:17:56 GMT
The trend to single sign on is compelling. More and more companies out
there are chosing to use LDAP as the authorization mechanism rather than
just authentication. What would be improtant to me is if I could set
user roles in LDAP and use that information to restrict deployment to
the archiva repository as well as restrict the use of the repository. I
don't have detailed knowledge of the structure of archiva itself so I
couldn't speak to how to accomplish this. 

-- Robert 

-----Original Message-----
From: Brett Porter [mailto:brett@apache.org] 
Sent: Tuesday, February 19, 2008 10:23 AM
To: archiva-dev@maven.apache.org
Subject: Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards
Spring?)


On 20/02/2008, at 4:15 AM, Simmons, Robert wrote:

> The benefit to JAAS would be easier integration with companies that 
> use LDAP to manage roles within a company.

Actually - this raises a good point - would just having this at the
WebDAV level be sufficient? I realise a lot of people are purely looking
to operate Archiva as a secured proxy and the administration features of
the webapp could be separately secured since there are often less users
needing to be set up for that.

- Brett

>
>
> -- Robert
>
> -----Original Message-----
> From: Brett Porter [mailto:brett@apache.org]
> Sent: Tuesday, February 19, 2008 9:44 AM
> To: archiva-dev@maven.apache.org
> Subject: Re: RBAC vs JASS/Roles (was: Re: Plan to migrate towards
> Spring?)
>
>
> On 20/02/2008, at 1:36 AM, Joakim Erdfelt wrote:
>
>> nicolas de loof wrote:
>>> "Integrate RedBack / Spring into Archiva."
>>>
>>> What is the advantage of redback compared to spring-security (aka
>>> "acegi") ?
>>>
>>> spring-security allready supports role-based secutiry, DB user store
>>> and "remember me".
>>>
>>> Nico.
>>>
>> Redback is an RBAC implementation.
>
> Don't forget that 80% of what Archiva uses Redback for is the web
> application user/role management.
>
>>
>> The Redback <--> Spring integration is likely to take the form of
>> another acegi authorization provider, but it's still a little early
>> yet to speculate on how this will occur.
>>
>> A more general question would be ... do we need RBAC for Archiva?
>> or can we get away with standard JAAS Roles?
>
> An even more general question would be - it works, why change it? :)
>
> - Brett
>
> --
> Brett Porter
> brett@apache.org
> http://blogs.exist.com/bporter/
>
>
>
> Confidentiality Note: This message contains information that may be  
> confidential and/or privileged. If you are not the intended  
> recipient, you should not use, copy, disclose, distribute or take  
> any action based on this message. If you have received this message  
> in error, please advise the sender immediately by reply email and  
> delete this message. Although ICAT Managers, LLC scans e-mail and  
> attachments for viruses, it does not guarantee that either are virus- 
> free and accepts no liability for any damage sustained as a result  
> of viruses.  Thank you.
>

--
Brett Porter
brett@apache.org
http://blogs.exist.com/bporter/


 
Confidentiality Note: This message contains information that may be confidential and/or privileged.
If you are not the intended recipient, you should not use, copy, disclose, distribute or take
any action based on this message. If you have received this message in error, please advise
the sender immediately by reply email and delete this message. Although ICAT Managers, LLC
scans e-mail and attachments for viruses, it does not guarantee that either are virus-free
and accepts no liability for any damage sustained as a result of viruses.  Thank you.


Mime
View raw message