[security-dev] security domain solely as a metadata store

Bill Burke bburke at redhat.com
Tue Jul 31 17:23:40 EDT 2012

I want to discuss a bit about what a AS7/Pickelink security domain's 
responsibilities should be in the new architecture.  Currently the 
responsibilities of the security domain are blurred.  Sometimes its just 
a metadata store (user/password), sometimes it partially implements a 
security protocol, sometimes it implements all of a protocol.

I'd like to make the case that the security domain is solely a metadata 
store and that it should not handle anything protocol related.  Protocol 
related processing should be done in a Web filter/valve, EJB 
interceptor, or whatever is available at the protocol level.

Picketbox should be a set of utilities for helping to build security 

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list