[jboss-dev-forums] [JBoss AS7 Development] - Management Security Tasks

[Darran Lofthouse]

Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] created the document:

"Management Security Tasks"

To view the document, visit: http://community.jboss.org/docs/DOC-16463

--------------------------------------------------------------
Identified tasks for adding security to the AS7 management APIs: -

|| *Description* || *Jira Issues* || *Owner
* || *Dependencies
* || *Comments / Risks
* ||
| Define security configuration. | 
 | 
 | General management API configuration. | 
 |
| Login modules need to operate in non-AS domains. | 
 | Anil / Marcus | 
 | 
 |
| Add BASIC authenticator to HTTP API | 
 | 
 | 
 | 
 |
| Add TLS/SSL to HTTP API | 
 | 
 | 
 | 
 |
| Add CLIENT-CERT type authenticator to HTTP API | 
 | 
 | 
 | 
 |
| Ensure equivalent authentication possible through native API. | 
 | 
 | Initial native API with Remoting. | 
 |
| Security initialisation similar to subsystem initialisation. | 
 | 
 | 
 | To review as much re-use of security extension in non AS. |
| Interception of all inbound calls for authorization check. | 
 | 
 | 
 | Initial check may just be that the calling user must have been authenticated. |
| Define ACL scheme. | 
 | 
 | 
 | 
 |
| Add ACL checking to authorization. | 
 | 
 | 
 | 
 |
| Mechanism to provide users permissions to clients of the API. | 
 | 
 | 
 | 
 |
--------------------------------------------------------------

Comment by going to Community
[http://community.jboss.org/docs/DOC-16463]

Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20110209/c65aea26/attachment.html