geronimo-dev mailing list archives

From "Cabrera, Alan" <Alan.Cabr...@reuters.com>
Subject RE: Apache Geronimo Security
Date Tue, 28 Oct 2003 16:49:59 GMT
I'm starting to change my mind.  I'm thinking we can use SASL to create a
secure connection and from there, the login negotiation can take place.

> -----Original Message-----
> From: Edward Flick [mailto:directrix1@yahoo.com] 
> Sent: Tuesday, October 28, 2003 10:44 AM
> To: geronimo-dev@incubator.apache.org
> Subject: RE: Apache Geronimo Security
> 
> 
> Kewl, well I'm glad I'm not the only one that sees the
> usefulness in a recursive solution.  I always thought
> that using just rolenames was just a hack to an
> obviously recursive problem.
> 
> Man, sounds like an awesome LoginModule; I would sure
> like to see it.  License (Apache, GPL, LGPL?).  Do you
> have any comments on the SASL vs. GSSAPI debate?
> 
> Edward
> 
> --- Kevin Conner <Kevin.Conner@orchard-systems.co.uk>
> wrote:
> > I hope you two don't mind me adding something to the discussion, I 
> > hope it is pertinent.
> > 
> > I have a login module that does something similar to what is being
> > proposed by Edward, the recursive mapping of the role principals until
> > no more mapping can be performed. Associated with each of these roles
> > are properties that are used to fine-tune the security or provide
> > general user properties (the user principal also has associated
> > properties).
> > 
> > I was asked to implement this because our clients required a
> > hierarchical approach to security; they wanted the ability to specify
> > a role in terms of other roles.
> > 
> > This has worked very well in our environment and our customers heavily
> > use this capability, mapping the roles onto their own organisational
> > structure.
> > 
> > IMHO the login module is the best place for this mapping, for
> > performance reasons if no other, and it would be easy to abstract the
> > recursive nature into a base class. I also agree, again IMHO, that the
> > login module is the best place because the JAAS framework delegates
> > this responsibility to the login module.
> > 
> > Once again, I hope you don't mind this intrusion.
> > 
> > 	Kev
> 
> =====
> Edward Flick
> Enterprise Applications Designer / Database Administrator / 
> Web Administrator CDF, Inc.
> 


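The recursive role mapping described in the quoted message, as an added Java example that is not code from the thread or from any participant's login module: granted roles are expanded through a role-to-roles mapping until no new role appears, and a visited set makes a cyclic role definition terminate instead of looping. The class name, `RolePrincipal`, the role names and the mapping are all constructed for illustration.

```java
import java.security.Principal;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

public class RoleExpansionExample {
    // Hypothetical role principal; a real module would use its own Principal class.
    record RolePrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Expand the directly granted roles through the role-to-roles mapping until
    // no new role appears. The visited set makes cyclic definitions terminate.
    static Set<String> expand(Set<String> granted, Map<String, List<String>> mapping) {
        Set<String> seen = new LinkedHashSet<>(granted);
        Deque<String> pending = new ArrayDeque<>(granted);
        while (!pending.isEmpty()) {
            String role = pending.pop();
            for (String implied : mapping.getOrDefault(role, List.of())) {
                if (seen.add(implied)) {   // true only the first time a role is reached
                    pending.push(implied);
                }
            }
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed sample mapping, including a cycle (auditor -> manager -> auditor).
        Map<String, List<String>> mapping = Map.of(
            "manager", List.of("teamlead", "auditor"),
            "teamlead", List.of("employee"),
            "auditor", List.of("manager"));

        Subject subject = new Subject();
        // In a JAAS LoginModule this step would belong in commit(), after authentication.
        for (String role : expand(Set.of("manager"), mapping)) {
            subject.getPrincipals().add(new RolePrincipal(role));
        }
        subject.getPrincipals().forEach(p -> System.out.println(p.getName()));
    }
}
```

Because every role reachable through the mapping ends up on the `Subject`, reviewing the mapping itself (who can edit it, and what each role transitively implies) matters as much as reviewing the direct grants.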