Anil Saldhana [https://community.jboss.org/people/anil.saldhana] created the document:
"Security Requirements Document"
To view the document, visit:
https://community.jboss.org/docs/DOC-19755
--------------------------------------------------------------
This document will collect the requirements for security for the various JBoss Community
projects in one place.
h2. Projects Providing Requirements
1. JBoss Application Server
2. Aerogear
3. JBoss Developer Framework/JBossWay
4. RESTEasy
5. GateIn
6. DeltaSpike
7. ModeShape
8. Teiid
h2. Requirements
(In Progress)
1. Need a simpler application security programming model.
2. Need better control over the authentication mechanism.
3. Need security detached from the containers.
4. Need an Identity Management Model (represent Users/Roles/Groups/Attributes with
databases/LDAP).
5. Need a challenge/response-based authentication model.
6. Need a fine-grained authorization and permission model.
7. Need support for SAML2, OAuth2, JOSE.
Special requirements from DML:
* Authorization framework that is compatible with the EJB security model and also
integrates with EE 7 security manager requirements and AccessControlContext
* Possible alternative to AccessControlContext for performance-sensitive applications
* Long term, a possibly fine-grained authorization framework for server and domain
management
* Consolidated secure materials management (key management, certificate management, trust
management)
* Alternative authentication mechanisms (e.g. private key authentication, maybe revisit
SRP) for web and SASL (in addition to supporting existing mechanisms such as so-called
"silent" auth)
* Support alternative identity/principal types (e.g. public keys, certificates) in
addition to user name
* Support multiple identity realms based on selection criteria (realm if supported, or
other criteria such as source IP address, chosen auth mechanism, or other principal like
client cert)
h2. Reference
https://community.jboss.org/docs/DOC-19232 Authentication API Design
--------------------------------------------------------------