incubator-projects mailing list archives

From Angela Cymbalak <a.cymba...@nechtan.org>
Subject Re: user management - why bother?
Date Fri, 11 Jul 2008 20:02:17 GMT
Roland,

Again, thanks for the feedback.  My documentation skills need 
improvement apparently.

At 07:28 AM 7/11/2008, Roland Weber wrote:
>JAAS is not an API for user management. It is an API for
>authentication (check passwords) and authorization. If you
>want to provide a web service for accessing the gallery,
>I assume that you have a servlet container (Tomcat) or
>JEE environment (Geronimo). In that case, I would never
>try to deal with user management myself, but always leave
>that to the container. The container itself might use JAAS,
>but that's not a concern of the application.
>The authorization component of JAAS by default evaluates
>static policy files. That's not something you would use
>to manage a list of friends.

Yep, you are completely correct.  And I can't even really tell you 
what I was thinking at the time.

>It is reasonable to use an LDAP directory like the
>Apache Directory Server to manage a group of friends
>for every user. But permission checking should be left
>to the backend if possible. I don't know what JCR offers
>for that at the moment.
>Managing the groups in the LDAP is a different problem,
>I'm not sure whether you should try to handle that at
>all as part of the photo gallery. Preferably not with
>the first shot at least. Common APIs for accessing LDAP
>are JNDI [1,2] and JLDAP [3].

I personally think that LDAP might be overkill.  To answer the 
question presented: why bother?  To be able to keep photos public, 
protected or private.  Public: anyone can view, protected: your 
friends can view, private: only you can view.  I could probably be 
convinced that user management should be a 2.0 feature but it seems 
that it could be an important part of the end user experience.

>Btw, the Caitrin Proposal currently looks more like the
>draft of a high-level architecture document rather than
>a project proposal. I guess it will need a bit more work
>to convince the Incubator folks.

Yes, which is another reason why I haven't called for a vote.  The 
proposal just isn't ready.

Angie 


