<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Management API Security Key Decisions
</h3>
<span style="margin-bottom: 10px;">
modified by <a href="http://community.jboss.org/people/brian.stansberry">Brian Stansberry</a> in <i>JBoss AS7 Development</i> - <a href="http://community.jboss.org/docs/DOC-16586">View the full document</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><h1>Key Decisions</h1><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>This article tracks the key decisions to be made regarding the security of the management APIs.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Traditional Authentication or Security Tokens</h2><p>This problem was introduced closely related to authentication caches - without the overhead invovled during authentication this would purely be about personal preferences.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16452">Design Consideration - Management API Authentication Caching</a></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The following article highlights some of the advantages and disadvantages of each approach.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16584">Management API Security Token vs Per Node Authentication</a></p><h3>Decision</h3><table border="1" cellpadding="3" cellspacing="0" class="jiveBorder" style="width: 33%; border: 1px solid #000000;"><tbody><tr><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Option</strong></span></th><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Comments<br/></strong></span></th></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Traditional Only</td><td style="border:1px solid black;border: 1px solid #000000;"><br/></td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Security Token Only</td><td style="border:1px solid black;border: 1px solid #000000;">Not an option; we need both the Remoting SASL integration and also HTTP standard based integration</td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Traditional Only then add Secutiry Token Support</td><td style="border:1px solid black;border: 1px solid #000000;">This is our choice, but the security token is not a high priority. Will not be in 7.1</td></tr></tbody></table><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Authentication Mechanisms (Server Side)</h2><p>Regardless of if we stick with traditional authentication or use a security token some form of authentication will still be required first to provide the security token.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The following article discusses these options.</p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16574">Management API Security Authentication Mechanisms</a></p><h3>Decision</h3><table border="1" cellpadding="3" cellspacing="0" class="jiveBorder" style="width: 33%; border: 1px solid #000000;"><tbody><tr><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Option</strong></span></th><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Comment</strong></span></th></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Support a simple property file based authentication?</td><td style="border:1px solid black;border: 1px solid #000000;">Yes</td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Support LDAP based authentication?</td><td style="border:1px solid black;border: 1px solid #000000;">Yes</td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Support Database based authentication?</td><td style="border:1px solid black;border: 1px solid #000000;">Eventually; lower priority. May not be in 7.1</td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Support delegate to domain controller type authentication?</td><td style="border:1px solid black;border: 1px solid #000000;">Lowest priority.</td></tr></tbody></table><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Authentication Mechanism (Transport)</h2><p>The following article explores how exposing our own APIs now gives us some flexibiliy regarding how to handle different authentication mechanisms for the transport.</p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16587">Management API Security Transport Authentication</a></p><p>Essentially we can now dynamically identify one of a number of potential mechanisms from a single request instead of the previous servlet container based approach where you would need to forward to different deployments to use different mechanisms.</p><h2>Host to Domain Controller Authentication</h2><p>The following article explores the authentication and establishment of trust between the remote host and the domain controller.</p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16579">Management API Security Host to Domain Controller Security</a></p><p>Essentially the host is just a special type of user, initially no different to any other administrator but at some point when ACLs are defined we can review adding an ACL for 'register host' or something similar.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>No decisions here unless there are additional comments?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>This does imply that an exposed management API may need to support multiple authentication mechanisms at the protocol level as support certificates for the host to domain controller connection does not nescesarily mean a desire for administrators to also use certificates when they connect.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Configuration Options</h2><p>The security is going to require additional configuration for the definition, as the only configuration made available so far is which APIs to expose there are no pre-existing placeholders to insert the security configuration.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The following article shows the current configuration.</p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16494">Management API Security Configuration</a></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The following article starts to explore in terms of traditional authentication how this could be defined.</p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16576">Management API Security Possible Configuration Samples</a></p><h3>Decision</h3><table border="1" cellpadding="3" cellspacing="0" class="jiveBorder" style="width: 33%; border: 1px solid #000000;"><tbody><tr><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Option</strong></span></th><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Comment</strong></span></th></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Prefer configuration focussed in domain.xml?</td><td style="border:1px solid black;border: 1px solid #000000;"><br/></td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Prefer configuration focussed in host.xml?</td><td style="border:1px solid black;border: 1px solid #000000;"><br/></td></tr></tbody></table><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Database Connection Pool</h2><p>We are required to integrate with existing security infrastructure, this means we will need to support a Database login module so we will require connections to the database.</p><h3>Decision</h3><p>Who will previde the connection pool?</p><table border="1" cellpadding="3" cellspacing="0" class="jiveBorder" style="width: 33%; border: 1px solid #000000;"><tbody><tr><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Option</strong></span></th><th align="center" style="border:1px solid black;border: 1px solid #000000;background-color: #6690bc;" valign="middle"><span style="color: #ffffff;"><strong>Comment</strong></span></th></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Provided by the management security implementation.</td><td style="border:1px solid black;border: 1px solid #000000;"><br/></td></tr><tr><td style="border:1px solid black;border: 1px solid #000000;">Will be provided as part of another task.</td><td style="border:1px solid black;border: 1px solid #000000;"><br/></td></tr></tbody></table><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h2>Authorization Checks</h2><p>At this stage out only requirement is to verify that the user is authenticated, the following raises points to consider regarding how authorization checks will be performed depending on how a request reaches the management API on any host.</p><p><a class="jive-link-wiki-small" href="http://community.jboss.org/docs/DOC-16583">Management API Security Authorization Responsibility</a></p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Comment by <a href="http://community.jboss.org/docs/DOC-16586">going to Community</a></p>
<p style="margin: 0;">Create a new document in JBoss AS7 Development at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>