From David Blevins <>
Subject Re: Security stuff
Date Wed, 12 May 2004 20:47:16 GMT
On Wed, May 12, 2004 at 08:00:36PM +0200, Greg Wilkins wrote:
> So what I think I need to understand JACC - is a motivation for it?
> What is it trying to do? why? and for who?  If anybody has some
> example uses - that would be a great help, as I find the spec
> impossible - it is so busy giving the details of how - any mention
> of why is totally lost (at least for me).  

I think you are expecting too much from JACC; it really is nothing
more than those 5 or so new permissions objects coupled with a funky
way of funnelling in the data from the web.xml|ejb-jar.xml at deploy

The only value add it can possibly give is the mapping of
security-roles to actual security roles in the target security system.
Even that is a little thin as it doesn't even provide users or
implementors with a standard way of doing that; it just moves the job
somewhere else.

This could be useful if a half dozen really good, vendor-agnostic,
implementations show up for LDAP, Kerberos, and the like and become
the "de facto" providers that everyone is comfortable with and
therefore "feel" standard.  Is that likely to happen?  No.

Your suspicions are right, it's a heap.  The emperor is wearing a sock
at best, maybe two.

We just need to get on with the show asap as this is holding up security
integration for all the projects and certification. 


