directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <aok...@bellsouth.net>
Subject RE: [general] Vision ( Was Vince Tence and AAA )
Date Thu, 04 Dec 2003 18:45:19 GMT
<snip/>
> Actually,  I was just referring to the vision for AAA, but thanks for

Oooops my bad!

<snip/>

> I like these ideas.  There may be some synergies with Jakarta Commons
> Codec for the Java stuff.  Here again, I agree with the program of
> starting with what Eve needs internally.

I never really looked at the commons Codec stuff but I should.  Perhaps
Rob Penoyer knew about it when he worked on snickers and can comment.

> This is a tough one.  The "backing store" is really sort of the tail of
> the dog here, and there are alternatives to Kerberos.  I would not
> necessarily want to see us tightly couple all of the AAA stuff to Kerberos

Oh I agree everything needs to be pluggable! 100%.

> (could be talked out of this).  We will need to think carefully about
> this.  I agree, however, that there could be significant value in some
> kind of ASF-provided Kerberos implementation.

It's a nice add on to an LDAP server setup used for NOS directories like 
the way AD does it today.  I have to hand it to Microsoft for building 
Kerberos 5 into Active Directory.

> I agree. The tricky bit will be how to implement what we need internally
> so that it can be reused/extracted.

We can design for this in mind and we'll definitely fall short.  Not 
will be designed with reusability in mind.  But that's what refactoring is
all about.  We can re-factor continuously and should looking for more
ways to reuse our code.  The key is to write as little code as possible 
because the more you have the more you must support.  Code replication
is the enemy.

> What we need to think carefully about is the nature of these
> "complementary relationships" and what we should take on within the
> Directory project.

+1 - think carefully to minimize scope creep.  Lots of things are cool
but we need to remember why this project was begun.

<snip/>

> > Everything should be standards based without exception.  We're not
> > here to be a standards body.  The IETF, ITU and OASIS can do that for
> > us along with the JCP.  I'm absolutely dedicated and governed by
> > standards and totally against lame brained home grown ideas unless they
> > are developed collaboratively under a healthy community.  We're not
> > there yet so let's stick to standards.
> 
> Amen to that.

Sounds like your getting religious on me Phil :-).

<snip/>

> Yes.  That's why I wanted to at least look at XACML. Another reference for
> that, btw is the Sun OSS implementation: http://sunxacml.sourceforge.net/

I definitely need to make time to take a look at that.

Alex



Mime
View raw message