avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <pe...@apache.org>
Subject Re: Security - AAA implementation [was RE: DefaultRoleManager in Cor nerstone]
Date Thu, 17 Jan 2002 23:57:17 GMT
On Fri, 18 Jan 2002 10:29, MCCAY,LARRY (HP-NewJersey,ex2) wrote:
> > I'd be much keener on 'group' than 'role' per se.  A user
> > belongs to one
> > or more groups.  Groups can belong to groups.  Some groups can be
> > mandatory and considered as roles.
> > I can't remember where I first encoutered this design.
> > Nearly a decade
> > on AS/400's I guess.
>
> Perhaps, the RoleManager should really be PermissionManager - in the end a
> role can be represented by a permission collection.  A permission
> collection can be associated with any arbitrary principal, including
> identity and group principals.  Within the spirit of J2EE we can still
> support an abstraction of role-based access control - implemented without
> any actual role per se.

So Role would be another principle? In effect you would do a mapping from 
"identity" principle to "ROle" principle and then just use that? I like that.

-- 
Cheers,

Pete

-----------------------------------------------------------
 "Remember, your body is a temple; however, it's also your 
 dancehall and bowling alley"   -- Dharma Montgomery
-----------------------------------------------------------

--
To unsubscribe, e-mail:   <mailto:avalon-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:avalon-dev-help@jakarta.apache.org>


Mime
View raw message