> A subject is the root/ abstract entity for a user, principals are > views or identities of a subject and in JAAS you would represent a > role as a principal.
I agree with your statement which leads me to the fact that the principal should really be a role in swarm and the hive file is a mapping of a role to given permissions and actions. So back to what I said before, swarm is really nice when you have an application with pre-defined roles instead of an application that is more fluid and tenants can create their own structure of roles. -Craig Eelco Hillenius wrote: > >> Right now swarm operates the following way: A user is associated with >> 1 or more Subjects, each Subject has 0 or more Principals. > > This sounds right to me, and is like how JAAS works. > > A subject is the root/ abstract entity for a user, principals are > views or identities of a subject and in JAAS you would represent a > role as a principal. > > As JAAS is the default authorization mechnism in Java, it is arguably > the 'industry standard' (for Java). Whether it is what you prefer is > another question. I think people find users/ roles easier to > understand, but personally I like the more abstracted model of JAAS; > whether you want to model groups, roles a combination of the two or > even something different, it fits seamlessly. > > My 2c, > > Eelco > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > > -- View this message in context: http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11364093 Sent from the Wicket - User mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user