Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] created the document:
"Management Security Tasks"
To view the document, visit:
http://community.jboss.org/docs/DOC-16463
--------------------------------------------------------------
Identified tasks for adding security to the AS7 management APIs: -
|| *Description* || *Jira Issues* || *Owner* || *Dependencies* || *Comments / Risks* ||
| Define security configuration. |
|
| General management API configuration. |
|
| Login modules need to operate in non-AS domains. |
| Anil / Marcus |
|
|
| Add BASIC authenticator to HTTP API | | | | |
| Add TLS/SSL to HTTP API | | | | |
| Add CLIENT-CERT type authenticator to HTTP API | | | | |
| Ensure equivalent authentication possible through native API. |
|
| Initial native API with Remoting. |
|
| Security initialisation similar to subsystem initialisation. |
|
|
| To review as much re-use of security extension in non AS. |
| Interception of all inbound calls for authorization check. |
|
|
| Initial check may just be that the calling user must have been authenticated. |
| Define ACL scheme. | | | | |
| Add ACL checking to authorization. | | | | |
| Mechanism to provide users permissions to clients of the API. | | | | |