tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Troy Poppe <>
Subject Re: config diag, etc
Date Wed, 04 Aug 1999 22:26:51 GMT
> my thoughts on security was, assuming http/s cgi compliant protocol,
> use a cookie or url-rewriting scheme (hence the servlet "candidate
> implemenation" bubble in the config service quadrant).

Can we safely assume that there is an implementation of http/s for
all admin tool platforms? (ie. J2SE)  We can't really say, go buy an
SSL implementation to use our configuration service safely.

> if/when we go with alternative means by which to interact with
> a config service we'll need to understand and address the security
> issues specific to that protocol.

I think when I wrote that I was refering to using the authorization to
access LDAP entries, or DMS entries from a non-generic (anonymous) account.

> > > > > 4. What data structure/model we want to use. That seems to be clear
> > > > > James document, if everyone agree we can clear this item.
> > > >
> > > > What exactly are you saying here? I don't quite understand what you mean
> > > > by data structure/model.
> > >
> > > DTD.
> > 
> > This hasn't been decided yet either.... There was a bit of discussion, and I don't
> > remember a resolution to this. (was there?)
> i believe there is concensus that the initial format should be
> xml/dtd initially while looking at using alternative xml formats
> (eg rdf, schema) as appropriate. bigger picture, i believe we can
> support "pass through" and translations of data on the "config
> service" side of the equation but my hunch is that at the offset
> it is best to leave data translations to the clients. put another
> way, i don't think we necessarily want to create a "config rosetta
> stone" service at the early stages.

I stand corrected then :)

- Troy

View raw message