the actual
applications handle authorization. Just my two cents.
Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com
o:801.649.6594
f:801.649.6595
On Jun 20, 2008, at 7:39 PM, Adrian Crum wrote:
From: David E Jones <[EMAIL PROTECTED]>
Subject: Re: Discussion: OFBiz Security
> From: David E Jones <[EMAIL PROTECTED]>
> Subject: Re: Discussion: OFBiz Security Refactor
> To: dev@ofbiz.apache.org
> Date: Friday, June 20, 2008, 2:42 PM
> On Jun 20, 2008, at 8:30 AM, Adrian Crum wrote:
>
> > I don't agree that attempting to control OFBiz
On Jun 20, 2008, at 8:30 AM, Adrian Crum wrote:
I don't agree that attempting to control OFBiz user permissions
through a management application is useless. There are a number of
programs here where I work that integrate well with NDS and allow me
to control them through a single managemen
I don't agree that attempting to control OFBiz user permissions through
a management application is useless. There are a number of programs here
where I work that integrate well with NDS and allow me to control them
through a single management console.
I can't imagine being in a large corporat
Thank you David! My English is not good enough to express what I'm
thinking precisely. :)
Yes, "different ways of organizing and interpreting permissions".
Shi Yusen/Beijing Langhua Ltd.
在 2008-06-19四的 22:30 -0600,David E Jones写道:
> I'm not sure if this is what you mean Shi, but I think we're
I'm not sure if this is what you mean Shi, but I think we're on the
same page with the problem with this: different applications tend to
have different permission sets, business processes that pass through
the applications, different ways of organizing and interpreting
permissions, and so
Adrian,
I guess you mean unified authentation and unified authoration. In
pratice, unified authoration is useless.
Shi Yusen/Beijing Langhua Ltd.
在 2008-06-19四的 19:53 -0700,Adrian Crum写道:
> --- On Thu, 6/19/08, David E Jones <[EMAIL PROTECTED]> wrote:
> I've had this discussion probably nearly
--- On Thu, 6/19/08, David E Jones <[EMAIL PROTECTED]> wrote:
I've had this discussion probably nearly 100 times with different
clients and different people, and been involved in over a dozen
different LDAP and SSO implementation. Based on that and reading this
a few things come to mind:
1.
I've had this discussion probably nearly 100 times with different
clients and different people, and been involved in over a dozen
different LDAP and SSO implementation. Based on that and reading this
a few things come to mind:
1. only put in LDAP what other applications can share, since t
Yes, the whole directory is arranged as a tree - which is an LDAP thing,
not an NDS thing.
By the way, groups in NDS would be similar to Domains in Active Directory.
Also keep in mind that I'm not proposing that we change how the current
permissions checking behaves. I'm only proposing a means
Adrian,
This really helps. I am starting to see what the api for the integrated
permission utility would be. "Trustee" relationship is the word for the
relationship between objects (in my case, content records) and party with
permissions. In the NDS scheme can trustee groups be hierarchically
arra
Al,
How each network OS organizes LDAP objects and implements access to
those objects varies. I can only tell you how it works in NDS - I
haven't worked with Active Directory. I'll describe how NDS does things
and how I see OFBiz fitting in.
All network resources are objects. These include s
All,
I would like to bring in this discussion the framework/applications relation
and dependence.
With this I mean that, since we are going to release the framework by
itself, I guess the party will not included in it. On the other hand the
security is implemented in the framework.
So I ask, is it
Adrian,
This is good timing for me as I need to implement a security scheme in which
a user's ability to perform CRUD operations is dependent on their level
within an organization (ie. someone is a divisional supervisor so they can
only modify records within their division and its departments). Do
Shi Yusen wrote:
BTW, as the topic is on securtiy, I would suggest to consider adding
some implements to offer the ability to control read/write of entity
fields.
That is usually handled by the presentation layer or in the service engine.
-Adrian
Authentation? Authoration?
I think authentation is ok.
BTW, as the topic is on securtiy, I would suggest to consider adding
some implements to offer the ability to control read/write of entity
fields.
Shi Yusen/Beijing Langhua Ltd.
在 2008-06-19四的 10:54 -0700,Adrian Crum写道:
> It looks like we f
It looks like we finally have a decent implementation for authenticating
users using LDAP - https://issues.apache.org/jira/browse/OFBIZ-811. This
will allow OFBiz installations to share user names and passwords with
the network.
I would like to expand it further so that OFBiz user permissions
17 matches
Mail list logo