I just want to note that JAAS is not JAAAS - JAAS only covers Authentication and Authorization, not the third A - Audit.
Personally, I found the JAAS to be a rather limiting model - it is not really used much in the real world, and one of the main reasons why is because it has zero hooks for auditing. I'll also add that there may be a good reason why auditing was not included, but I have a feeling Perl can handle this better and more flexibly than Java.

Just food for thought :)

jeffa

--- Stephen Adkins <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I need a security (authorization) framework soon, and I will be developing
> one if I can't find a suitable one. It would be great if this could be
> part of the P5EE effort.
>
> I observe the following.
>
> 1. Many others have already implemented such an API for their own needs
> 2. The J2EE spec may provide some excellent design guidance here (JAAS)
>    whether or not we imitate all of the classes/methods exactly
>
>    http://www.officevision.com/pub/p5ee/j2ee.html
>    http://java.sun.com/products/jaas/
>
> This is a request for
>
> 1. Suggestions of existing code bases that would be good for a start
> 2. People who would like to work on defining and developing the modules
>
> I reference Ajit's comments...
>
> At 10:23 AM 10/24/2001 -0400, Ajit Deshpande wrote:
> ....
> >Before we start reinventing the project-management-wheels that we learnt
> >with the launch of perl6, I would suggest that we do something
> >like the following:
> >
> >0. An RFC process to get input from the community about the feature set
> >   desirable from p5ee.
> >
> >1. A designer or a group of designers that will design the framework:
> >   Perrin and Gunther come to mind as folks whose judgement I trust.
> >   There _are_ others, let's identify them. This group will be charged
> >   with the munching on the RFPs and come up with a set of recommendations
> >   as regards the feature set of the framework
> >
> >2. Once the desired framework has taken shape, we can divide the framework
> >   into functionally distinct components and establish the APIs for
> >   the components.
>
> Paul has put out a good laundry list of modules and where he thinks they
> should fit.
> I have a similar list at
> http://www.officevision.com/pub/p5ee/p5ee_modules.html.
> "Consensus" is a ways off, but perhaps agreement can be reached that we need
> an authentication/authorization API similar to JAAS.
>
> >3. Each component will get an implementation team that will decide on the
> >   implementation using existing modules or build new glue code if necessary.
>
> Volunteers for a security API?
>
> >I think the important thing is to develop a specification. Some people have
> >expressed reservations about aping the J2EE spec. But, instead of re-inventing
> >the wheel here, let's take a hard look at the J2EE spec and decide what is most
> >desirable (hence the RFC process).
>
> Right. We need an API spec first, and the JAAS spec is a worthy reference
> to begin with.
>
> >Ajit
>
> Stephen
> http://www.officevision.com/pub/p5ee/
