directory-dev mailing list archives

From "Jesse McConnell" <jmcconn...@apache.org>
Subject Re: Google Team Edition and Triplesec
Date Sat, 09 Feb 2008 15:25:50 GMT
I am most certainly interested in it, I have talked with Emmanuel and
ccustine on irc about this off and on (mostly off lately) for a while, as I
said, I have been lurking on here most recently waiting for the topic to
come up again, I read through yours and David's threads on nabble after he
and I spoke.

Joakim Erdfelt and I worked out an rbac implementation but it is not really
optimal in any sense of the word but we learned a fair amount in making it
happen for getting rbac functionality into continuum and archiva (and
devzuz's maestro for that matter).  We spent an inordinate amount of time
wedging the rbac concepts into a workable jpox setup and it was somewhat a
nightmare and I look back at it now and it is in dire need of a revisit just to
support trivial things like i18n.  Getting a standard and reference
implementation together would be great.

anyway, you guys have been busy on the big bang and I have been swamped with
other things, but when it's back on the table here I am up for working on it.

cheers!
jesse

On Feb 9, 2008 9:13 AM, Alex Karasulu <akarasulu@apache.org> wrote:

> Sorry for taking so long to respond I was dealing with a computer
> catastrophe here for the past few days.  More inline ...
>
> On Feb 7, 2008 1:21 PM, Jesse McConnell <jmcconnell@apache.org> wrote:
>
> > oh goodie, I have been waiting/lurking for some triplesec material to
> > crop up on this list since talking to david jencks at apachecon :)
> >
>
> I've been researching this for some time now (years) and I think the
> schema for what we need in terms of the proper resolution to support things
> like exposing policy via XACML and other policy expression languages is
> pretty clear.
>
> I would like to carve out an IETF draft specifically for this and implement
> it here after having experimented with previous ideas in Triplesec.
>
> We've had many conversations with David on this list and I think we have
> resolved some of our differences.  It's only a matter now of sitting down and
> writing the schema.
>
>
> >
> > in general there seems to be a shortage of actual open source role based
> > access control implementations so any offering in this regard is good for
> > triplesec and apacheds...I am hoping to swap out the rbac implementation in
> > redback (underlying user manglement solution in use for continuum and
> > archiva in mavenlands) with something a little more standard and bullet
> > proof.
> >
>
> Excellent.  Your feedback will be most welcome and furthermore you're
> welcome to join us in Triplesec development if you find the time and are
> interested.
>
>
> >
> >
> > On Feb 7, 2008 12:12 PM, Ole Ersoy <ole.ersoy@gmail.com> wrote:
> >
> > > Hey Guys,
> > >
> > > I was just reading through this article:
> > >
> > > http://news.yahoo.com/s/nm/20080207/wr_nm/google_team_software_dc_1
> > >
> > > and thought of triplesec.  From 50K feet (OK maybe a little lower) it
> > > sounds like Triplesec would be the ideal solution for managing (create,
> > > read, write, execute, etc.) groups of collaborators working on different
> > > documents.
> >
> >
> Absolutely.  We have been trying to get there but there are a few things
> we need in ADS to support efficient application of policy in an ACDF (Access
> Control Decision Function).
>
> We are also thinking of using this schema in combination with another
> authorization schema based on subschema in addition to the basic
> authorization supported by ApacheDS today.
>
> Also I think this is a great place for us to collaborate with the OpenLDAP
> folks like Howard et al.
>
> > > All the users could be stored in ADS, along with the locations of user
> > > documents, and the users could then just assign permissions using the role
> > > based hierarchy discussed.
> >
> >
> Yep that's the idea.  We'll get there.  We just need more hands on people,
> time and support.
>
>
> > > This seems to be a hot area for Google Apps, and thus presumably
> > > others will follow suit, and if triplesec were positioned as the right
> > > solution for this it could be good for all of ADS as a whole.
> >
> >
> Indeed.
>
> Thanks for the post Ole & Jesse.  Let me know if you guys have any other
> questions or are interested in chipping away at some of our issues.
>
> Regards,
> Alex
>
>


-- 
jesse mcconnell
jesse.mcconnell@gmail.com
