[aerogear-dev] AeroGear Controller, Security…(SoC), oh my

Wed Feb 20 08:25:19 EST 2013

Good morning slackers.

Today I was chatting with Dan about some cross-cutting concerns like CORS, XSS mitigation, HSTS, CSP. They have something related with security, but is not because it has "security" into the specification, that it MUST be inside AG-sec.

They're cross-cutting concerns and I'd like to have it in a single place to be used as dependency. So what are the alternatives?

1- Put it inside AG-Controller and AG sec will be just the bridge to providers like PicketLink
2- Put it inside AG-Sec and decoupled from AG-Controller, if you want to add security on AG-Controller based apps, you just include AG-Sec as dependency
3- And Matthias suggested the creation of ag-controller plugins.

So…...what do you think?

--  
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

--  
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130220/2a021d64/attachment.html 