Return-Path: Delivered-To: apmail-roller-commits-archive@www.apache.org Received: (qmail 81718 invoked from network); 19 Feb 2008 16:04:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Feb 2008 16:04:38 -0000 Received: (qmail 13651 invoked by uid 500); 19 Feb 2008 16:04:33 -0000 Delivered-To: apmail-roller-commits-archive@roller.apache.org Received: (qmail 13622 invoked by uid 500); 19 Feb 2008 16:04:33 -0000 Mailing-List: contact commits-help@roller.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@roller.apache.org Delivered-To: mailing list commits@roller.apache.org Received: (qmail 13587 invoked by uid 99); 19 Feb 2008 16:04:33 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2008 08:04:33 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [63.246.22.44] (HELO atlassian01.managed.contegix.com) (63.246.22.44) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2008 16:03:47 +0000 Received: from atlassian01.managed.contegix.com (atlassian01.managed.contegix.com [127.0.0.1]) by atlassian01.managed.contegix.com (Postfix) with ESMTP id E20992F00F1 for ; Tue, 19 Feb 2008 10:04:07 -0600 (CST) Message-ID: <71548396.1203437047923.JavaMail.j2ee@atlassian01.managed.contegix.com> Date: Tue, 19 Feb 2008 10:04:07 -0600 (CST) From: "David Jencks (JIRA)" To: commits@roller.apache.org Subject: [Roller-JIRA] Commented: (ROL-1680) Security proposal In-Reply-To: <87075238.1203410348148.JavaMail.j2ee@atlassian01.managed.contegix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ http://opensource.atlassian.com/projects/roller/browse/ROL-1680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_14286 ] David Jencks commented on ROL-1680: ----------------------------------- Patch is against current trunk, now at rev 629136. > Security proposal > ----------------- > > Key: ROL-1680 > URL: http://opensource.atlassian.com/projects/roller/browse/ROL-1680 > Project: Roller > Issue Type: Bug > Components: Authentication, Roles and Access Controls > Affects Versions: 4.1 > Reporter: David Jencks > Assignee: Roller Unassigned > Attachments: ROLLER-1680-1.patch > > > Goals here are: > 1. Separate access control decisions from user/permission administration. > 1.a. separate permissions from any particular permission storage model > 1.b. use a jacc-like interface for access control decisions, involving submitting a test permission to a security service. > 2. Hide the authentication decisions and how the current user is tracked from the business logic. > See discussion thread on the dev list. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/roller/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira