P5EE Security RFC, was My thoughts on "p5ee"

Wed, 31 Oct 2001 06:08:40 -0800 

Hi,

I need a security (authorization) framework soon, and I will be developing
one if I can't find a suitable one.  It would be great if this could be
part of the P5EE effort.

I observe the following.

 1. Many others have already implemented such and API for their own needs
 2. The J2EE spec may provide some excellent design guidance here (JAAS)
    whether or not we imitate all of the classes/methods exactly
       http://www.officevision.com/pub/p5ee/j2ee.html
       http://java.sun.com/products/jaas/

This is a request for

 1. Suggestions of existing code bases that would be good for a start
 2. People who would like to work on defining and developing the modules

I reference Ajit's comments...

At 10:23 AM 10/24/2001 -0400, Ajit Deshpande wrote:
....
>Before we start reinventing the project-management-wheels that we learnt
>with the launch of perl6, I would suggest that we do something
>like the following:
>
>0. An RFC process to get input from the community about the feature set
>   desirable from p5ee.
>
>1. A designer or a group of designers that will design the framework:
>   Perrin and Gunther come to mind as folks whose judgement I trust.
>   There _are_ others, lets identify them. This group will be charged 
>   with the munching on the RFPs and come up with a set of recommendations
>   as regards the feature set of the framework
>
>2. Once the desired framework has taken shape, we can divide the framework
>   into functionally distinct components and establish the APIs for
>   the components.

Paul has put out a good laundry list of modules and where he thinks they
should fit.  
I have a similar list at
http://www.officevision.com/pub/p5ee/p5ee_modules.html.
"Consensus" is a ways off, but perhaps agreement can be reached that we need
an authentication/authorization API similar to JAAS.

>3. Each component will get an implementation team that will decide on the
>   implementation using existing modules or build new glue code if necessary.

Volunteers for a security API?

>I think the important thing is to develop a specification. Some people have
>expressed reservations about aping the J2EE spec. But, instead of
re-inventing
>the wheel here, lets take a hard look at the J2EE spec and decide what is
most
>desirable (hence the RFC process).

Right.  We need an API spec first, and the JAAS spec is a worthy reference
to begin with.

>Ajit

Stephen
http://www.officevision.com/pub/p5ee/

Reply via email to