Hello all,

I am hoping to propose an implementation of AAA Security functionality for Phoenix.
Based on a brief discussion with Peter (below), the design would have a J2EE flavor for roles-based access control.

Some of the components to make up the implementation would be:

* Identity Manager for access to user identity and attribute information through disparate user registries.
* Pluggable Realms to abstract the underlying user registry access - initially XMLRealm, JDBCRealm, JNDIRealm
* Role Manager for managing the mapping of identity principals to roles/permissions
* Authority Manager for making access decisions for specific users to specific resources
* Authentication Manager - verifies the identity of user against the user registry - one concrete implementation would be an abstraction of the use of JAAS.
* Auditing Manager for recording relevant security related events
* Administration interfaces to be exposed through JMX

The initial test-bed will be the AvalonDB application.

Any thoughts on this approach?

Thanks,

--Larry

> -----Original Message-----
> From: Peter Donald [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 13, 2002 3:36 AM
> To: Avalon Developers List
> Subject: Re: DefaultRoleManager in Cornerstone
>
> On Sun, 13 Jan 2002 16:08, MCCAY,LARRY (HP-NewJersey,ex2) wrote:
> > Peter,
> >
> > Is there still effort needed in the area of security?
>
> yep ;)
>
> > I would be interested in helping here.
>
> And we'd be interested in seeing you help here ;)
>
> There's definitely some space there for you to make something very useful.
> Some of the things that we have identified the need for in the past are
>
> * Identity Manager with pluggable Realms: ie basically list of users and
>   some attributes about them (from generic attributes like email address to
>   domain specific attributes). It would also be nice to be able to have
>   pluggable realms so that we could load users from the "Unix" realm, NT
>   domain, properties files, xml files, database, ldap etc - Of course you
>   don't need to do this all straight away ;)
> * RoleManager: Maps users/identities to Roles - ie Fred is an administrator,
>   Wilma is a user
> * Authority Manager: ie does role X have permission to do Y
> * Authentication Manager: ie essentially hookup with JAAS in a flexible
>   manner.
>
> You will notice this has a sort of J2EE flavour - this was largely
> intentional and there's probably lots more useful information in the J2EE
> Blueprints.
>
> I think Paul has looked at this sort of thing more recently. If you are up
> for having a go at this it may be interesting to integrate this with DB or
> the James server just to test it out and all ;)
>
> --
> Cheers,
>
> Pete
>
> ----------------------------------------
> Why does everyone always overgeneralize?
> ----------------------------------------
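
The component split discussed in this thread, as an added Java sketch that is not code from either message or from the Avalon project: a pluggable realm feeds an identity lookup, roles map to permissions, and every decision is recorded. All type, method and permission names are hypothetical, the sample data is constructed, and authentication (the JAAS piece) is left out.

```java
import java.util.*;

// Hypothetical names throughout; none of these are Avalon/Phoenix or JAAS APIs. Java 9+.
public class AaaSketch {
    // Pluggable realm: hides one user registry (XML file, JDBC, JNDI, ...).
    interface Realm { Optional<Map<String, String>> lookup(String user); }

    // Identity Manager: consults each configured realm in order.
    static Optional<Map<String, String>> findIdentity(List<Realm> realms, String user) {
        for (Realm r : realms) {
            Optional<Map<String, String>> id = r.lookup(user);
            if (id.isPresent()) return id;
        }
        return Optional.empty();
    }

    // Authority Manager: combines identity, role and permission lookups.
    static class AuthorityManager {
        final List<Realm> realms;
        final Map<String, Set<String>> rolesByUser;      // Role Manager data
        final Map<String, Set<String>> permsByRole;      // role -> permissions
        final List<String> auditLog = new ArrayList<>(); // Auditing Manager stand-in

        AuthorityManager(List<Realm> realms, Map<String, Set<String>> rolesByUser,
                         Map<String, Set<String>> permsByRole) {
            this.realms = realms; this.rolesByUser = rolesByUser; this.permsByRole = permsByRole;
        }

        // Deny by default: unknown user, no role, or no matching permission all fail.
        boolean isPermitted(String user, String permission) {
            boolean allowed = findIdentity(realms, user).isPresent()
                && rolesByUser.getOrDefault(user, Set.of()).stream()
                    .anyMatch(role -> permsByRole.getOrDefault(role, Set.of()).contains(permission));
            auditLog.add((allowed ? "ALLOW " : "DENY ") + user + " " + permission);
            return allowed;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: an in-memory map standing in for an XML realm.
        Map<String, Map<String, String>> users = Map.of(
            "fred", Map.of("email", "fred@example.org"),
            "wilma", Map.of("email", "wilma@example.org"));
        Realm xmlRealm = u -> Optional.ofNullable(users.get(u));
        AuthorityManager am = new AuthorityManager(List.of(xmlRealm),
            Map.of("fred", Set.of("administrator"), "wilma", Set.of("user"),
                   "ghost", Set.of("administrator")),   // stale mapping, no identity in any realm
            Map.of("administrator", Set.of("db.read", "db.admin"), "user", Set.of("db.read")));
        for (String u : List.of("fred", "wilma", "ghost"))
            System.out.println(u + " db.admin -> " + am.isPermitted(u, "db.admin"));
        am.auditLog.forEach(System.out::println);
    }
}
```

The "ghost" entry shows why the access decision checks the realm before the role map: a role mapping left behind for a user who no longer exists in any registry must not grant access.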