portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Santiago Gala <sg...@hisitech.com>
Subject Re: Informal Meeting @ Collab
Date Sun, 06 Jan 2002 12:47:18 GMT
David Sean Taylor wrote:


>For those of you who can't make it, if you'd like to send me a list of
>questions/issues, I'd be glad to relay your questions at the meeting.

I would like to know  about the evolution of the security stuff in 
Turbine. There are two issues that our team has problems with:

- Mixture between authentication/user management in the Turbine security 
model. You cannot have, for instance, user information in DB, while 
authenticating against LDAP or JAAS services. In a lot of our setups, we 
need to have users authenticated from a corporate source, which we 
*cannot* use to store user information. While this is relatively simple 
to patch, having separate services for user management and 
authentication/security would enable cleaner plugin of modules.

- Evolution towards a standard java security model. I have always 
preferred the java.security.Principal, etc. classes for security. I 
think we will be in trouble with the security model unless we build on 
top of the standard java security classes. If you see my previous point, 
ideally, authentication/security checks should be left to the servlet 
container, while user management can be dealt with at the turbine level.

I would be interested on feed back on these issues, specially on how 
people is working.

Thanks in advance


To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>

View raw message