[aerogear-dev] AeroGear Controller, Security…(SoC), oh my
Douglas Campos
qmx at qmx.me
Thu Feb 21 10:14:49 EST 2013
I vote for two or three - summers comments are spot on :)
-- qmx (mobile)
On 20/02/2013, at 10:25, Bruno Oliveira <bruno at abstractj.org> wrote:
> Good morning slackers.
>
> Today I was chatting with Dan about some cross-cutting concerns like CORS, XSS mitigation, HSTS, CSP. They have something related with security, but is not because it has "security" into the specification, that it MUST be inside AG-sec.
>
> They're cross-cutting concerns and I'd like to have it in a single place to be used as dependency. So what are the alternatives?
>
> 1- Put it inside AG-Controller and AG sec will be just the bridge to providers like PicketLink
> 2- Put it inside AG-Sec and decoupled from AG-Controller, if you want to add security on AG-Controller based apps, you just include AG-Sec as dependency
> 3- And Matthias suggested the creation of ag-controller plugins.
>
> So…...what do you think?
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list