geronimo-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject Re: Security for dynamic content apps -- gettogether at ApacheCon?
Date Mon, 05 Nov 2007 17:32:11 GMT
Unfortunately I'm not going to be going to ApacheCons in the US but to the
EU ones from now on.  However I would love to either get a summary or
partake in the discussion if someone can ping me from IRC or via Skype.
This is something I think will benefit us all.  Thanks David for driving
these talks.

Alex

On 11/5/07, David Jencks <david_jencks@yahoo.com> wrote:
>
> I've worked a bit on integrating Roller and Jetspeed2 into Geronimo
> and one thing that quickly becomes clear is that the authorization
> security requirements of these "dynamic content" applications are
> almost completely unrelated to the javaee security specifications.
> One small possible overlap is that the JACC spec supplies the
> possibility of pluggable policies for authorization evaluation.
>
> I wondered if people would be interested in getting together to
> discuss how app servers such as Geronimo and security products such
> as TripleSec could support these non-javaee security requirements and
> how much commonality there might be across different types of
> application.  I'll be at ApacheCon all week and would be happy to
> talk to everyone individually or in an informal meeting.
>
> Some of the things I've been wondering about are:
>
> - permission definition
> - user administration: how are users added and removed or have their
> permissions changed.
> - resource administration: how are resources such as blogs, portal
> pages, or portlets added or removed or have their user access changed
> - specification of "default policy" for new users and new resources:
> e.g. when a new user signs up what can they do?
>
> thanks!
> david jencks
>
>
