cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giacomo Pati <Giacomo.P...@pwr.ch>
Subject Re: Cocoon 2.0: proposed battleplan
Date Sun, 09 Apr 2000 19:58:37 GMT
Pierpaolo Fumagalli wrote:
> 
> - Turbine-Like Generator: (Giacomo Pati)
>     Still need some feedback on this.

Ok, I will try to explain. 

As Jeremy mentioned about forms on Fri, 7 Apr 2000 10:17:19:
>
> It seems to me that we can and should get on with a solution now, 
> that will provide XML markup for defining the rendering and 
> handling of forms, outputing to standard HTML.
> In short, an xml:form TagLib for Cocoon!

Form handling normaly has two steps. 
1. Put out the form to the requestor/browser
2. Process the data entered into the form and decide if the next
   form/report/whatever should be shown or a message describing
   the error together with the form by 1. is reshown.

If we can handle this with a xsp taglib, that's ok for me. So Turbine is
not a must for that.

First some background information: I am working on a big project
(approx. 70 peoples involved) to build a common platform for data
warehousing (you know, stuff like sun starfire, oracle database, etc.).
Our group is faced with data reporting and the question about security.
Security has two main aspects: authentication and authorisation. 

In an intranet authentication can be easily accomplished with X509
certificate (if you are able to run your own Public Key Infrastructure
and Certification Authority because we will have about 20'000 potetial
users). In the internet this is not that easy. So you have to work with
a usual userid/password system for that. Turbine will support such a
model and keeps track of user sessions. 

Authorisation is a much harder thing to deal with. Turbine offers a
user->role->permission model to make application aware of it by so
called Accesslists which contains the role an permission a requesting
user has. With this Accesslist a application can decide if access to
specific data (be it reports or forms) is allowed.

If one of the xsp cracks here on the list can show me that such a system
can be easily build with xsp and taglibs I will forget about Turbine and
use that specific taglib to controll access to specific
data/urls/forms/reports of the user requesting a session with the cocoon
system.
 
Giacomo

-- 
PWR Organisation & Entwicklung            Tel:   +41 (0)1 856 2202
Giacomo Pati                              Fax:   +41 (0)1 856 2201
Hintereichenstrasse 7                     Mailto:Giacomo.Pati@pwr.ch
CH-8166 Niederweningen                    Web:   http://www.pwr.ch

Mime
View raw message