geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nash Foster <nfos...@trusecure.com>
Subject RE: J2EE security
Date Tue, 12 Aug 2003 14:39:29 GMT

> I'm not clear on what you mean by the statement "rolling your own" since
> there is no reference implementation of JAAS per se, in that it is included
> in JDK1.4.  Do you mean the examples?

Sun calls their JAAS (included in the JDK) a reference implementation,
[from: http://java.sun.com/products/jaas/index-10.html]:

        Sun's 1.0 code release of JAAS is a non-commercial reference
        implementation. However, the release may be used royalty-free as
        part of commercial applications. See the software license for
        more information.

> > So, I'd suggest building 
> > one solid and secure mechanism into Geronimo and then spend 
> > effort integrating other Enterprise authentication services 
> > so he can play nice with others. Definitely a differentiator 
> > in the Enterprise.
> 
> It strikes me that these can easily be included by adding more LoginModules.

We're on the same page. My suggestion was to build 1 good LoginModule,
SRP perhaps, that doesn't require anything external to Geronimo. Then,
focus on integrating external products.

-nash



***********************************************************************
This message is intended only for the use of the intended recipient and
may contain information that is PRIVILEGED and/or CONFIDENTIAL.  If you
are not the intended recipient, you are hereby notified that any use,
dissemination, disclosure or copying of this communication is strictly
prohibited.  If you have received this communication in error, please
destroy all copies of this message and its attachments and notify us
immediately.
***********************************************************************


Mime
View raw message