I'm starting to change my mind. I'm thinking we can use SASL to create a secure connection and from there, the login negotiation can take place.
> -----Original Message-----
> From: Edward Flick [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 28, 2003 10:44 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Apache Geronimo Security
>
> Kewl, well I'm glad I'm not the only one that sees the usefulness in a recursive solution. I always thought that using just rolenames was just a hack to an obviously recursive problem.
>
> Man, sounds like an awesome LoginModule. I would sure like to see it. License (Apache, GPL, LGPL?). Do you have any comments on the SASL vs. GSSAPI debate?
>
> Edward
>
> --- Kevin Conner <[EMAIL PROTECTED]> wrote:
> > I hope you two don't mind me adding something to the discussion, I hope it is pertinent.
> >
> > I have a login module that does something similar to what is being proposed by Edward, the recursive mapping of the role principals until no more mapping can be performed. Associated with each of these roles are properties that are used to fine tune the security or provide general user properties (the user principal also has associated properties).
> >
> > I was asked to implement this because our clients required a hierarchical approach to security; they wanted the ability to specify a role in terms of other roles.
> >
> > This has worked very well in our environment and our customers heavily use this capability, mapping the roles onto their own organisational structure.
> >
> > IMHO the login module is the best place for this mapping, for performance reasons if no other, and it would be easy to abstract the recursive nature into a base class. I also agree, again IMHO, that the login module is the best place because the JAAS framework delegates this responsibility to the login module.
> >
> > Once again, I hope you don't mind this intrusion.
> >
> > Kev
>
> =====
> Edward Flick
> Enterprise Applications Designer / Database Administrator / Web Administrator
> CDF, Inc.
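
The recursive role mapping described in the quoted message, sketched as an added example; it is not part of the original thread and is not any participant's code. The `RolePrincipal` type, the role names and the mapping table are hypothetical, and the code assumes Java 16 or later for records.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class RoleExpansionExample {
    // Hypothetical principal type; a real LoginModule would supply its own.
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Expand the directly granted roles to every role they imply, repeating
    // until no new role appears. The 'seen' set makes a cyclic definition
    // (a -> b -> a) terminate instead of looping forever, and the worklist
    // avoids deep recursion on long role chains.
    static Set<String> expand(Set<String> direct, Map<String, Set<String>> implies) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> work = new ArrayDeque<>(direct);
        while (!work.isEmpty()) {
            String role = work.pop();
            if (!seen.add(role)) {
                continue; // already expanded, skip to break cycles
            }
            work.addAll(implies.getOrDefault(role, Set.of()));
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed sample hierarchy: role -> roles it is defined in terms of.
        Map<String, Set<String>> mapping = Map.of(
            "regional-manager", Set.of("manager", "auditor"),
            "manager", Set.of("employee"),
            "auditor", Set.of("employee", "regional-manager")); // deliberate cycle

        // The step a LoginModule's commit() would perform once authentication
        // has succeeded: attach one principal per effective role.
        Subject subject = new Subject();
        for (String role : expand(Set.of("regional-manager"), mapping)) {
            subject.getPrincipals().add(new RolePrincipal(role));
        }
        subject.getPrincipals().forEach(p -> System.out.println(p.getName()));
    }
}
```

Because the closure is computed once at login, a later change to the mapping only affects subjects authenticated after the change.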
