[security-dev] PicketLink workspace proposal

Anil Saldhana Anil.Saldhana at redhat.com
Thu Oct 4 13:35:06 EDT 2012


On 10/04/2012 12:32 PM, Pete Muir wrote:
> On 4 Oct 2012, at 10:29, David M. Lloyd wrote:
>
>> On 10/04/2012 12:25 PM, Pete Muir wrote:
>>> On 4 Oct 2012, at 08:24, Anil Saldhana wrote:
>>>
>>>> Hi all,
>>>>     here is what Shane and I have been discussing in the last 10 days
>>>> that we can come to an agreement in this thread. Please provide your
>>>> feedback and insights as we move forward with the PicketLink main workspace.
>>>>
>>>> Proposal:
>>>> PicketLink main workspace will have the following modules:
>>>> a) core :  will contain the CDI based security code that Shane has been
>>>> driving.
>>> I'm still concerned about calling this core. But...
>> I agree with Pete, and furthermore I think that "core" should be the name of the missing link that should form the core of the AS security infrastructure.  Maybe "cdi" is a better name for this module.
> For PicketLink, I think (and Anil can correct me if I'm wrong), we want the focus to be on application security, and security libraries that can be used to build something like whatever security we need built in to the AS.
Yeah - for application security that we will market via JDF, PicketLink 
will be the project given that JDF will be pitching CDI.
>
> Or perhaps David/Darran, you could link/describe what "core of the AS security infrastructure" is in terms I can understand ;-)
I think David is referring to a pure security code that does not have 
any CDI dependencies. Something like PicketBox core.
https://github.com/picketbox/picketbox-core

>
>>>> b) idm:  will contain the idm api and impl submodules.  This is a low
>>>> dependency JavaSE library for Identity Management functionality (CRUD of
>>>> users/roles/groups). This module is ultra critical to all projects.
>>> +1
>>>
>>>> c) federation: will contain the core SAML (and maybe WS-Trust) code
>>>> without any EE container dependencies. Mainly parsing, writing and model
>>>> code.
>>> +1
>>>
>>>> d) social: will contain social login code that allows sign-in using
>>>> Facebook, Google/OpenID, Twitter.
>>> Have you talked to Antoine @ Agorava at all here? Agorava is the social solution we will want to be promoting as part of the JBoss stack.
>>>
>>>> Versioning:
>>>> Last major release of PL has been with 2.1.5
>>>> (https://docs.jboss.org/author/display/PLINK/v2.1.5.Final)
>>>> So definitely we can release above with 3.x
>>> +1
>>>
>>>> Since we may need some container binding code with AS, Tomcat etc, we
>>>> have two possibilities:
>>>> a) Create another workspace in PicketLink GitHub organization for the
>>>> container binding. (My preference)
>>> +1
>>>
>>>> b) Create a separate GitHub organization that will host all the
>>>> container bindings, integration testing workspaces etc. We can call it
>>>> picketlinkbindings.
>>>>
>>>> Regards,
>>>> Anil

