geronimo-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Security for dynamic content apps -- gettogether at ApacheCon?
Date Mon, 05 Nov 2007 17:12:29 GMT
I've worked a bit on integrating Roller and Jetspeed2 into Geronimo  
and one thing that quickly becomes clear is that the authorization  
security requirements of these "dynamic content" applications are  
almost completely unrelated to the javaee security specifications.   
One small possible overlap is that the JACC spec supplies the  
possibility of pluggable policies for authorization evaluation.

I wondered if people would be interested in getting together to  
discuss how app servers such as geronimo and security products such  
as TripleSec could support these non-javaee security requirements and  
how much commonality there might be across different types of  
application.  I'll be at ApacheCon all week and would be happy to  
talk to everyone individually or in an informal meeting.

Some of the things I've been wondering about are:

- permission definition
- user administration: how are users added and removed or have their  
permissions changed.
- resource administration: how are resources such as blogs, portal  
pages, or portlets added or removed or have their user access changed.
- specification of "default policy" for new users and new resources:  
e.g. when a new user signs up what can they do?

thanks!
david jencks

