geronimo-dev mailing list archives

From Ate Douma
Subject Re: Security for dynamic content apps -- gettogether at ApacheCon?
Date Tue, 06 Nov 2007 10:30:05 GMT
David Jencks wrote:
> I've worked a bit on integrating Roller and Jetspeed2 into Geronimo and 
> one thing that quickly becomes clear is that the authorization security 
> requirements of these "dynamic content" applications are almost 
> completely unrelated to the javaee security specifications.  One small 
> possible overlap is that the JACC spec supplies the possibility of 
> pluggable policies for authorization evaluation.
> I wondered if people would be interested in getting together to discuss 
> how app servers such as geronimo and security products such as TripleSec 
> could support these non-javaee security requirements and how much 
> commonality there might be across different types of application.  I'll 
> be at ApacheCon all week and would be happy to talk to everyone 
> individually or in an informal meeting.
I'll be at ApacheCon all week too, and would definitely like to discuss these matters.
For Jetspeed 2.2 (or 2.3) we plan to revisit our current security model so this is perfect
timing for us to see how we can bring more alignment/compatibility 
with app servers and security products.

See you in Atlanta next week!



> Some of the things I've been wondering about are:
> - permission definition
> - user administration: how are users added and removed or have their 
> permissions changed.
> - resource administration: how are resources such as blogs, portal 
> pages, or portlets added or removed or have their user access changed
> - specification of "default policy" for new users and new resources: 
> e.g. when a new user signs up what can they do?
> thanks!
> david jencks
