I vote for two or three - summers comments are spot on :)
-- qmx (mobile)
On 20/02/2013, at 10:25, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Good morning slackers.
Today I was chatting with Dan about some cross-cutting concerns like CORS, XSS
mitigation, HSTS, CSP. They have something related with security, but is not because it
has "security" into the specification, that it MUST be inside AG-sec.
They're cross-cutting concerns and I'd like to have it in a single place to be
used as dependency. So what are the alternatives?
1- Put it inside AG-Controller and AG sec will be just the bridge to providers like
PicketLink
2- Put it inside AG-Sec and decoupled from AG-Controller, if you want to add security on
AG-Controller based apps, you just include AG-Sec as dependency
3- And Matthias suggested the creation of ag-controller plugins.
So…...what do you think?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev