Unfortunately I'm not going to be going to ApacheCon's in the US but to the EU ones from now on. However I would love to either get a summary or partake in the discussion if someone can ping me from IRC or via skype. This is something I think will benefit us all. Thanks David for driving these talks.
Alex On 11/5/07, David Jencks <[EMAIL PROTECTED]> wrote: > > I've worked a bit on integrating Roller and Jetspeed2 into Geronimo > and one thing that quickly becomes clear is that the authorization > security requirements of these "dynamic content" applications are > almost completely unrelated to the javaee security specifications. > One small possible overlap is that the JACC spec supplies the > possibility of pluggable policies for authorization evaluation. > > I wondered if people would be interested in getting together to > discuss how app servers such as geronimo and security products such > as TripleSec could support these non-javaee security requirements and > how much commonality there might be across different types of > application. I'll be at ApacheCon all week and would be happy to > talk to everyone individually or in an informal meeting. > > Some of the things I've been wondering about are: > > - permission definition > - user administration: how are users added and removed or have their > permissions changed. > - resource administration: how are resources such as blogs, portal > pages, or portlets added or removed or have their user access changed > - specification of "default policy" for new users and new resources: > e.g. when a new user signs up what can they do? > > thanks! > david jencks > >