geronimo-dev mailing list archives

From "Davanum Srinivas" <dava...@gmail.com>
Subject Re: AC/US /security/ related talk need (2 weeks from yesterday)
Date Fri, 24 Oct 2008 23:40:53 GMT
David,

2 cents, how would one secure Geronimo in an enterprise scenario (say
LDAP servers) would help the admin guys I think.

-- dims

On Fri, Oct 24, 2008 at 7:07 PM, David Jencks <david_jencks@yahoo.com> wrote:
> Geronimo Security, now and coming soon
>
> Security can be divided into negotiation for credentials, credential
> validation, and authorization.
>
> First we'll look at setting up and swapping credential validation in
> Geronimo, a simple process everyone has to do to secure an application.
>
> Then we'll look at the JACC authorization framework where the security
> constraints in the javaee deployment descriptors and annotations are
> translated into java permissions and used, together with a principal-role
> mapping, to authorize requests at runtime.  If time allows we'll look at
> swapping JACC implementations.  We'll look at extending the JACC concepts to
> other authorization decisions such as in portal frameworks.
>
> Finally we'll look at the upcoming JASPI support that allows pluggable
> negotiation for credentials and see how it can be used to plug openid
> authentication into a web app to replace basic or form based authentication.
>
>
> ------------
> I haven't written this yet so having lots of time to work on it would be
> great and any suggestions for improvement would be appreciated.
>
> thanks
> david jencks
>
> On Oct 23, 2008, at 9:46 AM, William A. Rowe, Jr. wrote:
>
>> Hello Experts,
>>
>> the AC/US planning team has a 1hr gap in the program, of the "Security"
>> topic track 1 on Thursday 6 November.
>>
>> http://us.apachecon.com/c/acus2008/schedule/2008/11/06
>>
>> Please get back to me ASAP if you have (or would like to create) a session
>> that hits one or more of the bullets below;
>>
>> * security related
>>
>> * ideally of some interest to admins, perhaps of interest to devs
>>
>> * ideally related to some aspect of securing systems or apps with
>>  consideration of client vulnerabilities
>>
>> I'd appreciate any suggestions by Sat a.m., so whoever offers
>> to pick this up has a solid week+ to prepare.  Certainly by Mon a.m.
>> please?  Remember all the usual speaker benefits apply, including
>> registration, and some flight and lodging costs.
>>
>> Bill
>>
>
>



-- 
Davanum Srinivas :: http://davanum.wordpress.com
