I have been thinking about the run-as scenarios. It will not be difficult to define the
various semantics of this - in-vm or an explicit trust association (via transport, saml
assertion or custom).
One implementation issue I have is how will the client proxy pick up the caller security
context that includes any deployment level trust settings without using some kind of a
threadlocal stack (one level will be sufficient), just like the current
SecurityAssociation stacks. This is really important for inter-vm calls. Some kind of an
injection semantics will suffice, but I am not aware of any such setup within JBoss. Any
possible ideas here?
View the original post :
Reply to the post :