On Wed, 2002-10-16 at 03:07, Rodney Schneider wrote:
> On Wed, 16 Oct 2002 14:38, you wrote:
>
> I realise that the current security implementation (ie: users, groups, roles
> and permissions) is far from being universally applicable, but it does work
> quite well for many web applications and there are many Turbine 2.x users
> that depend on it. I have had a brief look at Henning's DBSecurityService
> proposal and it does seem like a much better implementation of the CustomUser
> or extended TurbineUser concept. I think the first step we should take is to
> clean up the coupled T2 Security service so that it works for those people
> who have had to extend TurbineUser in their T2.1 applications. Then we
> release Turbine 2.2. Then, down the track, we convert Henning's proposal
> into a pluggable Avalon component. I think that would be the easiest
> migration path for anyone currently depending on the coupled T2 Security
> service. Does anyone know how much work has been put into the Fulcrum
> Security service?

We use Scrum @ Zenplex for development (http://www.controlchaos.com/) and in our next 30 day Sprint we will be making a lightweight security toolkit called Scythe which will take a model (the turbine model being one, JAAS and RBAC being a couple others) and generate the resources required. So that would be the Java source, DDL, OJB meta data information, LDAP schema if that's the way you want to go. Bob McWhirter and I will be working on this and David Taylor (Jetspeed lead) is going to help us out too.

The basic idea is that security can be described as a policy. As such it should be defined as a discrete entity and applied to your application. Basically have your security model and attach it to your application model. With the pipeline in t3/summit where a valve is basically acting as a pseudo interceptor you could push your security into the application that way. I'll be using aspects to apply security to the application model but the security toolkit will make it simpler to make varied security implementations.

We're also going to be using commons-sql and dumping the velocity based SQL generation as it has proven to be a bit of a mess.

> Thanks,
>
> -- Rodney
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

--
jvz.

Jason van Zyl
[EMAIL PROTECTED]
http://tambora.zenplex.org

In short, man creates for himself a new religion of a rational
and technical order to justify his work and to be justified in it.

  -- Jacques Ellul, The Technological Society
