On Wednesday 14 April 2004 11:38, you wrote: > Thanks for the clarification. I'm only very slightly > knowledgeable about the java security model. Your goal, > however, is basically to extend that model to components in > the container?
Yes. > What I'm more concerned with is not working directly with > the Java security model, but providing a role-based > application-level authorization/authentication along the lines > of JAAS integrated with the container. Are you doing work in > that area as well? That is the next step. My first analysis showed that I first needed to address the code-level security, so that Merlin can be used for 'hosting' untrusted components, yet untrusted components can use trusted components who have more access. Once that is in place, I intend to look into a JAAS leveraging scheme, so that a 'entry point' component grabs a 'login' component, and provide the Credentials. The Login would then use a pluggable Authentication system and a separately pluggable Authorization system, so that any scheme can be supported. Details are still not on the drawing table, but I know just about everyone is requesting it. Niclas -- +---------//-------------------+ | http://www.bali.ac | | http://niclas.hedhman.org | +------//----------------------+ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
