Hi,

As this is my first post on this list I will introduce myself briefly. At the 
moment I'm a project leader of GateIn Portal (JSR 168/286 implementation). Like 
Shane mentioned, I implemented the PicketLink IDM component, which is mostly an 
API/SPI for Identity Management - users/groups/roles related operations, LDAP 
and RDBMS storage support, etc. This project is currently used by the portal as 
its core component and was partly reused by Shane in Seam Security. Recently 
we were brainstorming about a new iteration around IDM and Seam Security and he 
proposed to bring this discussion here. 

On my side, here is a recent attempt to shape a minimal API/SPI having simplicity in 
mind:
https://github.com/picketlink/idm/tree/master/api/src/main/java/org/picketlink/idm/api
https://github.com/picketlink/idm/tree/master/spi/src/main/java/org/picketlink/idm/spi

Obviously I hope to get involved in DeltaSpike beyond the scope of the identity topic 
only :) 

Bolek

On Feb 10, 2012, at 3:04 AM, Shane Bryzak wrote:

> Hi guys,
> 
> I'd like to kick off a discussion around the security features for 
> DeltaSpike.  Originally we had planned to migrate Seam Security [1] to the 
> PicketLink project [2], and combine it with an updated version of PicketLink 
> IDM [3] to create an all-round CDI-based application security solution for 
> Java EE6.  After a number of internal discussions, we decided that this 
> effort would serve the developer community much better if it were carried out 
> under the DeltaSpike umbrella.
> 
> With that in mind, I'd like to introduce Bolek Dawidowicz (who has already 
> joined the DeltaSpike dev mailing list) who is the original author of 
> PicketLink IDM (for anyone that's confused about what IDM is, it stands for 
> IDentity Management and simply means the management of users, roles, groups 
> etc within an application via a well defined API).  Bolek has already done 
> some initial design work on the API for PicketLink IDM 2.0 [4], which we are 
> hoping to leverage for DeltaSpike.
> 
> I'd also like to kickstart a discussion on the more general security features 
> of DeltaSpike.  We've already discussed @Secured and @SecurityBindingType, 
> however have not touched on any of the other authentication and authorization 
> APIs.  My proposal is to largely base the design on Seam Security (code at 
> [5]), which is already mature and proven, and provides a robust, extensible 
> API for users to plug in their own authentication and authorization logic, 
> and also integrates very easily with federated identity services such as 
> OpenID, OAuth and SAML.
> 
> At this stage we can keep the discussion on general terms, however I'm happy 
> to delve in deeper to any of the security APIs if anyone is interested in a 
> more technical discussion.
> 
> Thanks,
> Shane
> 
> 
> [1] http://www.seamframework.org/Seam3/SecurityModule
> [2] http://www.jboss.org/picketlink
> [3] http://www.jboss.org/picketlink/IDM.html
> [4] https://github.com/picketlink/idm
> [5] https://github.com/seam/security
