Return-Path: Delivered-To: apmail-jakarta-jetspeed-user-archive@apache.org Received: (qmail 15856 invoked from network); 4 Dec 2001 22:14:45 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 4 Dec 2001 22:14:45 -0000 Received: (qmail 20862 invoked by uid 97); 4 Dec 2001 22:14:47 -0000 Delivered-To: qmlist-jakarta-archive-jetspeed-user@jakarta.apache.org Received: (qmail 20811 invoked by uid 97); 4 Dec 2001 22:14:46 -0000 Mailing-List: contact jetspeed-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Jetspeed Users List" Reply-To: "Jetspeed Users List" Delivered-To: mailing list jetspeed-user@jakarta.apache.org Received: (qmail 20800 invoked from network); 4 Dec 2001 22:14:46 -0000 Message-Id: <5.1.0.14.0.20011204171021.0314c690@dns1.rhoderunner.com> X-Sender: rhodespc@dns1.rhoderunner.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 04 Dec 2001 17:14:11 -0500 To: "Jetspeed Users List" , "Jetspeed Users List" From: Phillip Rhodes Subject: Re: JS Groups-Roles-Permissions In-Reply-To: <000501c17832$0ea2e920$cd03510a@netfish.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Hey I am ready to get going on the enhanced security model. I am going to read the proposed security model referred to below. Should we do the security changes within the context of the turbine project, or in jetspeed? Who else is interested in participating? Should we take future discussions off-line? Ripping to go! At 09:28 AM 11/28/2001 -0800, David Sean Taylor wrote: >We did some work on the Jetspeed security features a while back: >- added role-based security for registry entries >- security maintenance portlets for users, roles, groups >- permission checks to access portlets > >One thing I personally find outstanding is that we could add better secured >access to psml pages. > >Others on the list have had proposals about how security 'should' work, but >its often difficult to find a consensus. The role-based security approach >based on the turbine security model has some loopholes. I believe a better >security model would be one like the one described in the security proposal >by the SAP developers in the cvs under /proposals/0004.txt. >(I just read that SAP bought TopTier - a commercial portal ) >however the proposed security model would take a larger development effort. > >----- Original Message ----- >From: "ICM S Op Guest 5" >To: "Jetspeed Users List" >Sent: Wednesday, November 28, 2001 7:55 AM >Subject: JS Groups-Roles-Permissions > > > > Hi, > > > > is there anybody working on these? > > Is there a scheme or a structure available which shows how this is >planned/should be implemented for/into jetspeed? > > > > Andreas > > > > -- > > To unsubscribe, e-mail: > > > For additional commands, e-mail: > > > > > > > > >-- >To unsubscribe, >e-mail: >For additional commands, e-mail: > -- To unsubscribe, e-mail: For additional commands, e-mail: