avalon-dev mailing list archives

From: "MCCAY,LARRY (HP-NewJersey,ex2)" <lawrence_mccay-...@hp.com>
Subject: RE: AAA Security
Date: Mon, 21 Jan 2002 13:38:47 GMT

> looks good. One question though - does AuthorizationManager use the
> standard Java2 permissions model?

Yes, well at least the initial implementation would - there could be others -
as long as we use a proprietary api for abstraction.

> -----Original Message-----
> From: Peter Donald [mailto:peter@apache.org]
> Sent: Monday, January 21, 2002 4:46 AM
> To: Avalon Developers List
> Subject: Re: AAA Security
> 
> 
> On Mon, 21 Jan 2002 15:11, MCCAY,LARRY (HP-NewJersey,ex2) wrote:
> > Attached is quite a busy collaboration diagram describing the interaction
> > of the potential players in the AAA implementation.
> 
> looks good. One question though - does AuthorizationManager use the
> standard Java2 permissions model?
> 
> 
> > A couple things that need to be determined - the client facing api for:
> > 	1. Authentication
> > 		a. JAAS client api
> > 		b. proprietary api to abstract authentication mechanism -
> > 		   including JAAS
> >
> > 	2. Authorization
> > 		a. J2SE authorization api's
> > 		b. proprietary api to abstract implementation
> >
> > I am inclined to try and provide an abstraction through proprietary api.
> >
> > With that said, I think that we need to assume the use of the JAAS subject
> > as a vehicle for identity and attribute principals and credentials.  The
> > subject would follow the user through the request/session through the use
> > of Subject.doAs() and/or doAsPrivileged() - this basically associates the
> > subject with the current thread of execution.
> >
> > Using this mechanism, we have a standard vehicle to use as a security
> > context and a standard mechanism to acquire it from the thread context -
> > Subject.getSubject().
> >
> > We are not obligated to use JAAS login modules or JAAS policy as the only
> > mechanisms for authentication and authorization.
> >
> > Any thoughts?
> 
> Works for me. I am not real familiar with JAAS but if it is useful to
> provide an abstraction over the top then I am all for that ;)
> 
> -- 
> Cheers,
> 
> Pete
> 
> The big mistake that men make is that when they turn thirteen 
> or fourteen and
> all of a sudden they've reached puberty, they believe that 
> they like women.
> Actually, you're just horny. It doesn't mean you like women 
> any more at
> twenty-one than you did at ten.                --Jules 
> Feiffer (cartoonist)
> 
> --
> To unsubscribe, e-mail:   
> <mailto:avalon-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:avalon-dev-help@jakarta.apache.org>
> 
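
The design discussed in this thread, as an added example that is not code from the thread or from Avalon: a proprietary authorization API that reads the JAAS Subject bound by Subject.doAs() via Subject.getSubject() and decides from a role table rather than JAAS policy. AuthorizationManager's method, RolePrincipal, TableAuthorizationManager and the sample grant are hypothetical names; the code targets Java 9 to 17, since later JDKs replace these calls with Subject.callAs() and Subject.current().

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

public class AaaSketch {
    // Hypothetical proprietary API: callers depend on this, not on JAAS or Policy.
    interface AuthorizationManager {
        void check(Permission required); // throws AccessControlException on denial
    }

    // Hypothetical principal carrying a role name.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // One possible backend: a role -> Permission table instead of JAAS policy.
    static final class TableAuthorizationManager implements AuthorizationManager {
        private final Map<String, Permission> grants;
        TableAuthorizationManager(Map<String, Permission> grants) { this.grants = grants; }

        public void check(Permission required) {
            // The security context is whatever Subject.doAs() bound to this thread.
            Subject s = Subject.getSubject(AccessController.getContext());
            if (s != null) {
                for (RolePrincipal r : s.getPrincipals(RolePrincipal.class)) {
                    Permission held = grants.get(r.getName());
                    if (held != null && held.implies(required)) return;
                }
            }
            // No subject on the thread, or no matching grant: fail closed.
            throw new AccessControlException("denied: " + required, required);
        }
    }

    public static void main(String[] args) {
        AuthorizationManager authz = new TableAuthorizationManager(
            Map.of("operator", new PropertyPermission("app.*", "read"))); // constructed grant
        Subject user = new Subject();
        user.getPrincipals().add(new RolePrincipal("operator"));
        Permission wanted = new PropertyPermission("app.mode", "read");

        Subject.doAs(user, (PrivilegedAction<Void>) () -> {
            authz.check(wanted); // passes: the subject travels with the thread
            System.out.println("allowed inside doAs");
            return null;
        });
        try { authz.check(wanted); } // same call, but no subject is bound here
        catch (AccessControlException e) { System.out.println("denied outside doAs"); }
    }
}
```

Swapping TableAuthorizationManager for one that calls AccessController.checkPermission() would give the Java 2 permissions backend mentioned in the reply without changing any caller.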
