geronimo-dev mailing list archives

From "Davanum Srinivas" <>
Subject Re: AC/US /security/ related talk need (2 weeks from yesterday)
Date Fri, 24 Oct 2008 23:40:53 GMT

2 cents, how would one secure Geronimo in an enterprise scenario (say
LDAP servers) would help the admin guys I think.

-- dims

On Fri, Oct 24, 2008 at 7:07 PM, David Jencks <> wrote:
> Geronimo Security, now and coming soon
> Security can be divided into negotiation for credentials, credential
> validation, and authorization.
> First we'll look at setting up and swapping credential validation in
> Geronimo, a simple process everyone has to do to secure an application.
> Then we'll look at the JACC authorization framework where the security
> constraints in the Java EE deployment descriptors and annotations are
> translated into Java permissions and used, together with a principal-role
> mapping, to authorize requests at runtime.  If time allows we'll look at
> swapping JACC implementations.  We'll look at extending the JACC concepts to
> other authorization decisions such as in portal frameworks.
> Finally we'll look at the upcoming JASPI support that allows pluggable
> negotiation for credentials and see how it can be used to plug OpenID
> authentication into a web app to replace basic or form-based authentication.
> ------------
> I haven't written this yet so having lots of time to work on it would be
> great and any suggestions for improvement would be appreciated.
> thanks
> david jencks
> On Oct 23, 2008, at 9:46 AM, William A. Rowe, Jr. wrote:
>> Hello Experts,
>> the AC/US planning team has a 1hr gap in the program, of the "Security"
>> topic track 1 on Thursday 6 November.
>> Please get back to me ASAP if you have (or would like to create) a session
>> that hits one or more of the bullets below;
>> * security related
>> * ideally of some interest to admins, perhaps of interest to devs
>> * ideally related to some aspect of securing systems or apps with
>>  consideration of client vulnerabilities
>> I'd appreciate any suggestions by Sat a.m., so whoever offers
>> to pick this up has a solid week+ to prepare.  Certainly by Mon a.m.
>> please?  Remember all the usual speaker benefits apply, including
>> registration, and some flight and lodging costs.
>> Bill

Davanum Srinivas ::
