Would you like help with this? If so, where do I start?

-----Original Message-----
From: David Sean Taylor [mailto:[email protected]]
Sent: Wednesday, August 19, 2009 4:35 PM
To: Jetspeed Developers List
Subject: Re: Jetspeed Authorization

On Aug 19, 2009, at 2:15 PM, Deepak Kaimal wrote:

> David,
> Thank you for your response and I hope you enjoyed your vacation, I
> am sure it was well earned.
>
> My aim was to create a Policy Enforcement Point (PEP) for J2 with
> the OpenSSO server acting as the PDP and PAP. As we progressed, we
> realized that the authorization components are distributed within
> the J2 codebase and because of the different kinds of authorization
> modes supported, it is not easy to pull just that component out.
>
> We have decided that letting J2 manage authorization internally is
> probably more robust and performance optimized since there is no
> easy and manageable way to plug in a new authorization system.
>
> Overall, I am now of the belief that authentication can be
> centralized, but authorization is best handled natively.
>

OK... yes, we have the Java Security Policy based checks as well as Security Constraints. I still like the idea of having a central security accessor service as the dependency to all other services requiring high level authorization checks. I am considering creating a JIRA issue to complete this work, although I'm quite busy right now coming, especially after returning from vacation :) and not sure when I can get to it

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
