> > A subject is the root/ abstract entity for a user, principals are > > views or identities of a subject
Well I'm glad we all agree on that one :) However as Eelco said a principal can be much more than just a role. So i am a little reluctant to rename Principal to Role. If i wanted to i could even use the Swarm Subjects as Roles (although that would be a really long stretch, and certainly not recommended :) ). And although the fact that you can use principals / subjects in several ways might make it less clear from the start how to use them, that is also there power as it gives you greater flexibility on how to set up your security. That being said i am still open for renaming suggestions, i just don't think role should be it. > an application that is more fluid and tenants can create their own structure > of roles. I am sorry that you feel swarm does not accommodate you enough in this field. But I welcome you to build upon wasp and enrich the wicket community with your work. Looking at swarm should have given you a pretty clear picture of the security building blocks in wicket. Maurice On 6/29/07, Craig Lenzen <[EMAIL PROTECTED]> wrote: > > > A subject is the root/ abstract entity for a user, principals are > > views or identities of a subject and in JAAS you would represent a > > role as a principal. > > I agree with your statement which leads me to the fact that the principal > should really be a role in swarm and the hive file is a mapping of a role to > given permissions and actions. So back to what I said before, swarm is > really nice when you have an application with pre-defined roles instead of > an application that is more fluid and tenants can create their own structure > of roles. > > -Craig > > > Eelco Hillenius wrote: > > > >> Right now swarm operates the following way: A user is associated with > >> 1 or more Subjects, each Subject has 0 or more Principals. > > > > This sounds right to me, and is like how JAAS works. > > > > A subject is the root/ abstract entity for a user, principals are > > views or identities of a subject and in JAAS you would represent a > > role as a principal. > > > > As JAAS is the default authorization mechnism in Java, it is arguably > > the 'industry standard' (for Java). Whether it is what you prefer is > > another question. I think people find users/ roles easier to > > understand, but personally I like the more abstracted model of JAAS; > > whether you want to model groups, roles a combination of the two or > > even something different, it fits seamlessly. > > > > My 2c, > > > > Eelco > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Wicket-user mailing list > > Wicket-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/wicket-user > > > > > > -- > View this message in context: > http://www.nabble.com/wicket-security-and-acl-files-tf3960558.html#a11364093 > Sent from the Wicket - User mailing list archive at Nabble.com. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
