<div>
<div>Good morning slackers.</div><div><br></div><div>Today I was chatting with Dan about some cross-cutting concerns like CORS, XSS mitigation, HSTS, CSP. They have something related with security, but is not because it has "security" into the specification, that it MUST be inside AG-sec.</div><div><br></div><div>They're cross-cutting concerns and I'd like to have it in a single place to be used as dependency. So what are the alternatives?</div><div><br></div><div>1- Put it inside AG-Controller and AG sec will be just the bridge to providers like PicketLink</div><div>2- Put it inside AG-Sec and decoupled from AG-Controller, if you want to add security on AG-Controller based apps, you just include AG-Sec as dependency</div><div>3- And Matthias suggested the creation of ag-controller plugins.</div><div><br></div><div>So…...what do you think?</div><div><div><br></div><div><div><br></div><div>-- </div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div></div></div>
</div>
<div><div><br></div><div><br></div><div><div>-- </div><div>"The measure of a man is what he does with power" - Plato</div><div>-</div><div>@abstractj</div><div>-</div><div>Volenti Nihil Difficile</div></div></div>