incubator-projects mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <>
Subject RE: user management - why bother?
Date Mon, 14 Jul 2008 03:52:26 GMT
Roland Weber wrote:

> The current Caitrin Proposal mentions user management:

> JAAS is not an API for user management. It is an API for
> authentication (check passwords) and authorization.

Have you asked what the proposal means by user management?  If it is
intended as an umbrella that covers authorization, then JAAS is a potential
fit, although we have another potential project that would also serve.

> I assume that you have a servlet container (Tomcat) or
> JEE environment (Geronimo). In that case, I would never
> try to deal with user management myself, but always leave
> that to the container.

JEE container managed security does not cover instance based authorization,
and would not address which part(s) of a gallery a given entity can access.

> It is reasonable to use an LDAP directory like the
> Apache Directory Server to manage a group of friends
> for every user. But permission checking should be left
> to the backend if possible. I don't know what JCR offers
> for that at the moment.

The fact that we might be able to defer to some other part of the system and
not use JAAS directly does not eliminate the issue of wanting fine-grained
access control on elements.

	--- Noel

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message