geronimo-dev mailing list archives

From David Jencks <>
Subject Re: AC/US /security/ related talk need (2 weeks from yesterday)
Date Fri, 24 Oct 2008 23:07:15 GMT
Geronimo Security, now and coming soon

Security can be divided into negotiation for credentials, credential  
validation, and authorization.

First we'll look at setting up and swapping credential validation in
Geronimo, a simple process everyone has to do to secure an application.

Then we'll look at the JACC authorization framework where the security  
constraints in the javaee deployment descriptors and annotations are  
translated into java permissions and used, together with a
principal-role mapping, to authorize requests at runtime.  If time allows we'll
look at swapping JACC implementations.  We'll look at extending the  
JACC concepts to other authorization decisions such as in portal  

Finally we'll look at the upcoming JASPI support that allows pluggable  
negotiation for credentials and see how it can be used to plug openid  
authentication into a web app to replace basic or form based  

I haven't written this yet so having lots of time to work on it would  
be great and any suggestions for improvement would be appreciated.

david jencks

On Oct 23, 2008, at 9:46 AM, William A. Rowe, Jr. wrote:

> Hello Experts,
> the AC/US planning team has a 1hr gap in the program, of the "Security"
> topic track 1 on Thursday 6 November.
> Please get back to me ASAP if you have (or would like to create) a session
> that hits one or more of the bullets below;
> * security related
> * ideally of some interest to admins, perhaps of interest to devs
> * ideally related to some aspect of securing systems or apps with
>   consideration of client vulnerabilities
> I'd appreciate any suggestions by Sat a.m., so whoever offers
> to pick this up has a solid week+ to prepare.  Certainly by Mon a.m.
> please?  Remember all the usual speaker benefits apply, including
> registration, and some flight and lodging costs.
> Bill
