axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Daniels" <>
Subject Re: cvs commit: xml-axis/java/src/org/apache/axis/security Authen
Date Wed, 01 Aug 2001 12:43:59 GMT
I took a look at JAAS last night.

My quick impression is that it's fairly complex, and involves permissions
and policy files and signed code.  Redux: I think we should go there
eventually (probably with tooling around it to make it easier to use), but
in the 3.0 timeframe, doing something much simpler is a better plan.  Also,
if people want to build adapters from our simple security interfaces to
systems like JAAS, they are welcome to.

I will also ask our security guys today whether my impressions re: JAAS are
accurate, and what they recommend.

Thoughts / comments?


----- Original Message -----
From: "Sam Ruby" <>
To: <>
Sent: Tuesday, July 31, 2001 12:45 PM
Subject: RE: cvs commit: xml-axis/java/src/org/apache/axis/security Authen

> Dirk-Willem van Gulik wrote:
> >
> > This is a very nice patch. I think eventually we need to go a lot more
> > fine grained. Let me check with the home office to see if I can grab
> > ball for a bit. Esp. when it comes to web sercurity.
> Before reinventing, we should investigate existing standards.  For
> JAAS.  If we look at it and decide that it is not appropriate, I'm OK with
> that, but otherwise I see no value in simply reinventing for reinventing
> sake.
> - Sam Ruby

View raw message