From: "Tencé, Vincent"
To: "'directory-dev@incubator.apache.org'"
Subject: [Janus] Status
Date: Fri, 17 Dec 2004 17:05:49 -0500

Hi all,

Good news! Janus has reached its objectives for a first release.
The objectives for this first release are to lay out the general concepts of the framework and to provide sufficient implementations for real usage.

Since I believe barely anybody knows what Janus is about, I will take a moment of your time to try to explain what it's all about.

Janus is a security framework, dealing with Authentication, Authorization and Accounting concerns. Janus aims to make it easier and cheaper to integrate security into an application. With that in mind, a set of APIs and common abstractions are provided with a set of default implementations (JDBC, Hibernate, LDAP, ...). Of course it's based on a POJO model that integrates nicely with most of the IoC containers out there.

Janus is still under heavy development, but we've reached an interesting stage where sufficient implementation is provided to use in a real project (at least, I believe so ;-)). Currently, it weighs in at 100+ classes, with around 50 classes for tests.

Here's a list of what's there so far:

- Username password authentication
- Memory authentication realm
- Memory group provider
- Memory role provider
- Rule based authorization system
- XML frontend for memory realms
- XML frontend for group providers
- XML frontend for role providers
- Pluggable XML frontend for policies
- Read-only JDBC realm backend

The interesting stuff here is the pluggable authentication mechanism and the rule-based authorization policy mechanism. One of the next objectives is to demonstrate the power of the rule based approach for policy definition by supporting rule definitions in Groovy.

Of course, APIs are by no means frozen yet, and are subject to change if necessary. But I guess the general mechanism won't change a lot. Let me try to explain:

The idea is that we go through 4 steps to provide a proper security model:

1. Authentication, where a subject is identified and authenticated through pluggable authentication methods
2. Gathering, where the subject is populated with Principal attributes that provide information to the authorization rules
3. Authorization, where security rules are applied when a subject requests a permission to do an operation on a resource

In parallel, operations that occur during the process generate events that are processed for Auditing (EventBus will be a nice fit here).

Currently, there are almost no docs available (no javadoc, no nothing) but tests provide a good insight of how things work if you're interested.

Along with the Groovy engine, the objective of the next release is to provide an example application. I am thinking of a small webapp using picocontainer and dynaop (or my own proxy library). If I can make it (which I doubt due to Christmas coming) I'd like that example webapp to make the first release. We'll see ...

After that, I'd like to look at some of Eve's requirements in terms of security (Alex?) to see if Janus can do the job and what's needed.

- Vincent
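
The authentication, gathering and authorization steps described in the message, with audit events recorded alongside, as an added example that is not part of the original message and is not Janus code. Every class, method and data value below is a hypothetical stand-in constructed for illustration; the message does not show the Janus API.

```java
import java.util.*;
import java.util.function.BiPredicate;

// Hypothetical sketch of the steps in the message; none of these names are Janus APIs.
public class PipelineSketch {
    // A subject carries the principals collected during the gathering step.
    static final class Subject {
        final String name;
        final Set<String> principals = new HashSet<>();
        Subject(String name) { this.name = name; }
    }
    // Constructed in-memory data standing in for a memory realm and group/role providers.
    // Plaintext passwords keep the sketch short; a real realm would store salted hashes.
    static final Map<String, String> REALM = Map.of("alice", "s3cret", "bob", "hunter2");
    static final Map<String, Set<String>> GROUPS = Map.of("alice", Set.of("group:admins"));
    static final Map<String, Set<String>> ROLES = Map.of("group:admins", Set.of("role:editor"));
    static final List<String> AUDIT = new ArrayList<>();   // stand-in for an event bus

    // Step 1: authentication (username/password checked against the realm).
    static Optional<Subject> authenticate(String user, String password) {
        boolean ok = password != null && password.equals(REALM.get(user));
        AUDIT.add((ok ? "AUTH_OK " : "AUTH_FAIL ") + user);
        return ok ? Optional.of(new Subject(user)) : Optional.empty();
    }

    // Step 2: gathering (populate the subject with group and role principals).
    static void gather(Subject s) {
        for (String g : GROUPS.getOrDefault(s.name, Set.of())) {
            s.principals.add(g);
            s.principals.addAll(ROLES.getOrDefault(g, Set.of()));
        }
    }

    // Step 3: authorization. A rule grants a permission; a request with no matching rule is denied.
    static final Map<String, BiPredicate<Subject, String>> RULES = Map.of(
        "write", (s, res) -> s.principals.contains("role:editor") && res.startsWith("/docs/"));

    static boolean authorize(Subject s, String permission, String resource) {
        BiPredicate<Subject, String> rule = RULES.get(permission);
        boolean granted = rule != null && rule.test(s, resource);
        AUDIT.add((granted ? "GRANT " : "DENY ") + s.name + " " + permission + " " + resource);
        return granted;
    }

    public static void main(String[] args) {
        authenticate("alice", "s3cret").ifPresent(s -> {
            gather(s);
            authorize(s, "write", "/docs/readme");   // editor role satisfies the write rule
            authorize(s, "delete", "/docs/readme");  // no rule for delete, so deny by default
        });
        authenticate("bob", "wrong");                // rejected before any rule is evaluated
        AUDIT.forEach(System.out::println);
    }
}
```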