directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: Introducing myself
Date Thu, 01 Jan 1970 00:00:00 GMT
Hi Vince,

I'm glad you finally made an appearence :-) and at the right time too.  

> Alex and I have been in communication for several weeks discussing
> Authentication, Authorization, and Accounting (AAA) concerns. I have
> been working on a AAA framework for containers at and we saw an
> opportunity to consolidate our effotrs, by both using the directory
> server as a backend to the AAA framework and using the AAA framework as
> the basis to the directory server's security subsystem.

Yes security is a huge aspect of the server in both the ways you have 
cited.  First internally we need to implement at least authorization and
authentication for the server itself.  The authentication side is for
managing the bind operation.  The authorization side is critical for 
implementing Access Control Instructions (ACIs) in a fast efficient manner
optimized for LDAP specifically.

Once the server has some descent functionality and stability its only
a matter of time before security services are built on top of it.  
Identity managment is probably the biggest application void to be filled 
using the directory server.  It's a natural progression. 

I would like to get you involved in our discussions regarding where
authentication and client identity is established.  There is a trail
or two (on with [eve] and another without) that talks about a front
end redesign.  I discussed some security issues that need to be
thought through before continuing on perhaps you can join us in this
discussion.  It would be great to have someone with extensive security

Perhaps if other members of the list can take a brief look at your
work we can begin a process of consolidating our efforts. 

> I have been working recently on finding the best way to make the AAA
> framework both Avalon and PicoContainer compatible (Alex says I'm a Pico
> junky now) and I understood it's also a concern of Eve to run with as
> many IoC containers as possible to broaden its acceptation.

Yes the discussion of support for multiple containers began
a while back.  There's the Pico junkies like your self and 
the Avalon folks, the jContainer peeps and the Fractal fanatics
and the list goes on and on.

It looks like people both at Apache and elsewhere are interested 
in multiple containers.  Personally I wish there was only one to
make my life easier but the ideal world does not exist and you have
to take care of your users.

It would be nice to have people from multiple container efforts
work with us to make sure Eve is available to everyone who wants
to use it.  We basically want to give users the choice.  We are 
already targeting Merlin but would like to make sure the server
is eventually inter-operable with as many containers as possible.
If we can get a few folks working on Pico, Plexus, Loom, and 
Phoenix then we can make the server available for pretty much the
majority of the container user community.

> I hope we can join forces in working towards building the security
> infrastructure of Eve and making Eve compatible with other IoC
> containers variations.

Awesome! If there is any support that can be given towards these
efforts they would be much appreciated.


View raw message