axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Daniels" <gdani...@macromedia.com>
Subject Re: cvs commit: xml-axis/java/src/org/apache/axis/security Authen ticatedUser.java SecurityProvider.java
Date Wed, 01 Aug 2001 12:43:59 GMT
I took a look at JAAS last night.

My quick impression is that it's fairly complex, and involves permissions
and policy files and signed code.  Redux: I think we should go there
eventually (probably with tooling around it to make it easier to use), but
in the 3.0 timeframe, doing something much simpler is a better plan.  Also,
if people want to build adapters from our simple security interfaces to
systems like JAAS, they are welcome to.

I will also ask our security guys today whether my impressions re: JAAS are
accurate, and what they recommend.

Thoughts / comments?

--G

----- Original Message -----
From: "Sam Ruby" <rubys@us.ibm.com>
To: <axis-dev@xml.apache.org>
Sent: Tuesday, July 31, 2001 12:45 PM
Subject: RE: cvs commit: xml-axis/java/src/org/apache/axis/security Authen
ticatedUser.java SecurityProvider.java


> Dirk-Willem van Gulik wrote:
> >
> > This is a very nice patch. I think eventually we need to go a lot more
> > fine grained. Let me check with the home office to see if I can grab
this
> > ball for a bit. Esp. when it comes to web sercurity.
>
> Before reinventing, we should investigate existing standards.  For
example:
> JAAS.  If we look at it and decide that it is not appropriate, I'm OK with
> that, but otherwise I see no value in simply reinventing for reinventing
> sake.
>
> - Sam Ruby
>


Mime
View raw message