geronimo-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: Security for dynamic content apps -- gettogether at ApacheCon?
Date Fri, 09 Nov 2007 22:15:20 GMT
Based on the responses I've received I'd like to propose that I talk  
with people individually early in the week and that we get together  
Thursday night perhaps around 8:00 PM to discuss and see if we have  
any conclusions.  I'll see if I can find a location.

thanks!
david jencks

On Nov 5, 2007, at 9:12 AM, David Jencks wrote:

> I've worked a bit on integrating Roller and Jetspeed2 into Geronimo  
> and one thing that quickly becomes clear is that the authorization  
> security requirements of these "dynamic content" applications are  
> almost completely unrelated to the javaee security specifications.   
> One small possible overlap is that the JACC spec supplies the  
> possibility of pluggable policies for authorization evaluation.
>
> I wondered if people would be interested in getting together to  
> discuss how app servers such as geronimo and security products such  
> as TripleSec could support these non-javaee security requirements  
> and how much commonality there might be across different types of  
> application.  I'll be at ApacheCon all week and would be happy to  
> talk to everyone individually or in an informal meeting.
>
> Some of the things I've been wondering about are:
>
> - permission definition
> - user administration: how are users added and removed or have  
> their permissions changed.
> - resource administration: how are resources such as blogs, portal  
> pages, or portlets added or removed or have their user access changed
> - specification of "default policy" for new users and new  
> resources: e.g. when a new user signs up what can they do?
>
> thanks!
> david jencks
>

