portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Poeschl <mpoes...@marmot.at>
Subject Re: Informal Meeting @ Collab
Date Sun, 06 Jan 2002 14:58:28 GMT
Santiago Gala wrote:

> David Sean Taylor wrote:
> 
> <snip/>
> 
> 
>>
>> For those of you who can't make it, if you'd like to send me a list of
>> questions/issues, I'd be glad to relay your questions at the meeting.
>>
> 
> I would like to know  about the evolution of the security stuff in 
> Turbine. There are two issues that our team has problems with:
> 
> - Mixture between authentication/user management in the Turbine security 
> model. You cannot have, for instance, user information in DB, while 
> authenticating against LDAP or JAAS services. In a lot of our setups, we 
> need to have users authenticated from a corporate source, which we 
> *cannot* use to store user information. While this is relatively simple 
> to patch, having separate services for user management and 
> authentication/security would enable cleaner plugin of modules.
> 
> - Evolution towards a standard java security model. I have always 
> preferred the java.security.Principal, etc. classes for security. I 
> think we will be in trouble with the security model unless we build on 
> top of the standard java security classes. If you see my previous point, 
> ideally, authentication/security checks should be left to the servlet 
> container, while user management can be dealt with at the turbine level.
> 
> I would be interested on feed back on these issues, specially on how 
> people is working.
> 
> Thanks in advance
> 
> <snip/>


a discussion about a new security modell started at the turbine-dev list yesterday ... everyone

interessted is invited to subscribe and participate ;-)

martin


--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message