incubator-projects mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <>
Subject Re: high level design from wiki
Date Sun, 20 Jul 2008 12:56:42 GMT
Hi Noel,

>> * Should the user management default be Apache Directory or a
>>   simple database?
> User management is ambiguous.  Are we talking about authentication?
> Authorization?  And we should probably not be dependent on a particular
> repository type.

That was the only occurrence of the term that I left in the
proposal :-) Since Apache Directory was mentioned, I found
it unambiguous there. The real choice is of course LDAP or
relational DB.

>> * How will access control be implemented?
> TBD, and it may exist at different control points, e.g., at the business
> logic level (container or component managed) and data store level
> (JCR/JackRabbit).

Good point.

>> * Will the Web service just provide data for machine to machine
>>   exchanges or will it default to human readable?
> I doubt that the "Web service" would be in any way human readable, by
> default or otherwise.


>> Access control should provide the option to mark photos as public
>> (anyone), protected (invite only), or private (just the owner).
>> Options for managing the invites for each user are LDAP or a simple
>> database. Permission checking can be implemented in the backend
>> as a Jackrabbit access manager or in an application layer. Candidate
>> technologies are JAAS and JSecurity, which both allow for pluggable
>> authentication.
> As noted above, access control (authorization) can be handled at multiple
> points.  The surface area related to authorization should be strictly
> limited, and not pervasive.

Agreed. The "or" was meant as an exclusive-or.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message