Based on the responses I've received I'd like to propose that I talk
with people individually early in the week and that we get together
Thursday night perhaps around 8:00 PM to discuss and see if we have
any conclusions. I'll see if I can find a location.
thanks!
david jencks
On Nov 5, 2007, at 9:12 AM, David Jencks wrote:
I've worked a bit on integrating Roller and Jetspeed2 into Geronimo
and one thing that quickly becomes clear is that the authorization
security requirements of these "dynamic content" applications are
almost completely unrelated to the javaee security specifications.
One small possible overlap is that the JACC spec supplies the
possibility of pluggable policies for authorization evaluation.
I wondered if people would be interested in getting together to
discuss how app servers such as geronimo and security products such
as TripleSec could support these non-javaee security requirements
and how much commonality there might be across different types of
application. I'll be at ApacheCon all week and would be happy to
talk to everyone individually or in an informal meeting.
Some of the things I've been wondering about are:
- permission definition
- user administration: how are users added and removed or have
their permissions changed.
- resource administration: how are resources such as blogs, portal
pages, or portlets added or removed or have their user access changed
- specification of "default policy" for new users and new
resources: e.g. when a new user signs up what can they do?
thanks!
david jencks
