Hello Rickard,
Maybe one should have a look at the way WebLogic handles security.
http://www.weblogic.com/docs51/classdocs/API_acl.html
shows how BEA implemented an ACL security scheme for their application
server.
It manages users, groups and ACLs in a "security realm". There are
several security realms implemented in WebLogic, like LDAP, NTusers,
UnixUsers or RDBMSRealm.
The scheme allows for mapping of ACLs to types and to instances.
Instances are mapped by their JNDI names.
It is mainly used to protect WebLogic's integrated services (JDBC
connection pools, JNDI resources, ...). One can use the ACL security
scheme by implementing one's own security checks by calling the
Security API and asking for a permission.
I don't think that this really is a useful approach as it does not in
any way integrate with EJB security.
What I like about the concept is that you are able to map ACLs on a
type and instance level. I think defining an abstract concept of how
the role is assigned to the principal and then implementing a
system that allows not only for type but also for instance mapping
of security roles to users/groups would be enough to allow just any
security scheme one could think of.
Best regards
roman
--
-------------------------------------------------------------------
Roman Seidl Design & Development
-------------------------------------------------------------------
Public Voice Lab Operngasse 24, A-1040 Vienna
Tel.: +43-1-585 22 80/23 Fax: +43-1-585 22 80/99
e-mail: [EMAIL PROTECTED] web: www.pvl.at
-------------------------------------------------------------------
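
The type-level and instance-level ACL mapping described in the message above, sketched as an added example; it is not WebLogic's API and not code from the original message. The class and method names, the `jdbc.connectionPool` type name, the JNDI-style instance names, the sample users and the rule that an instance ACL takes precedence over its type ACL are all assumptions made for illustration.

```java
import java.util.*;

/** Hypothetical realm: users, groups and ACLs keyed by resource type or by JNDI-style instance name. */
public class AclRealmExample {
    // group name -> members (constructed sample data)
    private final Map<String, Set<String>> groups = new HashMap<>();
    // ACL name (type name or instance name) -> permission -> principals (users or groups) granted it
    private final Map<String, Map<String, Set<String>>> acls = new HashMap<>();

    void addToGroup(String group, String user) {
        groups.computeIfAbsent(group, g -> new HashSet<>()).add(user);
    }

    void grant(String aclName, String permission, String principal) {
        acls.computeIfAbsent(aclName, a -> new HashMap<>())
            .computeIfAbsent(permission, p -> new HashSet<>()).add(principal);
    }

    /** True if the user, or a group the user belongs to, is listed for the permission. */
    private boolean listed(Map<String, Set<String>> acl, String permission, String user) {
        Set<String> granted = acl.getOrDefault(permission, Collections.emptySet());
        if (granted.contains(user)) return true;
        for (String g : granted) {
            if (groups.getOrDefault(g, Collections.emptySet()).contains(user)) return true;
        }
        return false;
    }

    /**
     * Assumed resolution rule: an ACL on the instance name, if one exists, decides alone;
     * otherwise the ACL on the type applies; with no ACL at all, access is denied.
     */
    boolean hasPermission(String user, String type, String instanceName, String permission) {
        Map<String, Set<String>> acl = acls.get(instanceName);
        if (acl == null) acl = acls.get(type);
        return acl != null && listed(acl, permission, user);
    }

    public static void main(String[] args) {
        AclRealmExample realm = new AclRealmExample();
        realm.addToGroup("developers", "alice");
        realm.addToGroup("developers", "bob");
        realm.grant("jdbc.connectionPool", "reserve", "developers");        // type level
        realm.grant("jdbc.connectionPool.payrollPool", "reserve", "alice"); // instance level
        // bob reaches an ordinary pool through the type ACL, but the payroll pool has its own ACL
        System.out.println(realm.hasPermission("bob", "jdbc.connectionPool", "jdbc.connectionPool.demoPool", "reserve"));
        System.out.println(realm.hasPermission("bob", "jdbc.connectionPool", "jdbc.connectionPool.payrollPool", "reserve"));
        System.out.println(realm.hasPermission("alice", "jdbc.connectionPool", "jdbc.connectionPool.payrollPool", "reserve"));
    }
}
```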