From jboss-identity-commits at lists.jboss.org Tue Oct 6 17:03:10 2009
From: jboss-identity-commits at lists.jboss.org
To: jboss-identity-commits at lists.jboss.org
Subject: [jboss-identity-commits] JBoss Identity SVN: r819 -
authz/trunk/documentation/reference-guide/en/modules.
Date: Tue, 06 Oct 2009 17:03:10 -0400
Message-ID: <200910062103.n96L3AAg012131@svn01.web.mwc.hst.phx2.redhat.com>
Author: sohil.shah(a)jboss.com
Date: 2009-10-06 17:03:10 -0400 (Tue, 06 Oct 2009)
New Revision: 819
Modified:
authz/trunk/documentation/reference-guide/en/modules/introduction.xml
Log:
introduction chapter
Modified: authz/trunk/documentation/reference-guide/en/modules/introduction.xml
===================================================================
--- authz/trunk/documentation/reference-guide/en/modules/introduction.xml 2=
009-10-06 19:18:36 UTC (rev 818)
+++ authz/trunk/documentation/reference-guide/en/modules/introduction.xml 2=
009-10-06 21:03:10 UTC (rev 819)
@@ -26,25 +26,32 @@
Clean Separation between Security Logic and Application Logic=
- =
+ Security Enforcement should be considered a cr=
oss cutting concern just like container managed Transactions. This allows e=
asy customization
+ of an application's security policy without having to modify the co=
re application codebase. This framework allows decoupling of both security logic
+ and security data/metadata from the core appli=
cation.
Flexibility to apply Security Logic to arbitrary Runtime info=
rmation
- =
+ A good security framework takes into account arbitrary runtime stat=
e of an application while trying to make an access control decision. Most f=
rameworks are satisfied
+ with merely associating roles/group/membership to protected resourc=
es. A security framework allows decision making based on other runtime stat=
e of the system like, "current time of the day",
+ "allowed range of ip addresses", "the user's age", etc. This framew=
ork uses a XACML specification based rule engine to enable <=
emphasis>Rule based Access Control.
Runtime Management of Security Policy
- =
+ Besides access control, policy provisioning is the other aspect o=
f a security framework. Security policies should be provisioned dynamically=
without requiring system
+ restarts. It should also provide a consistent API to build provis=
ioning tools to manage these policies. Depending upon the requirements of t=
he application the tools can be
+ xml configuration based, GUI based, and/or integrated into centra=
l monitoring tools like JOPR and JON. =
A user friendly Developer API
- =
+ The framework exposes an easy to use component oriented developer A=
PI for portability of the security layer across multiple applications and/o=
r multiple infrastructure layers of
+ the same application.
=
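Review bot: In the "Flexibility to apply Security Logic to arbitrary Runtime information" paragraph, the added sentence "A security framework allows decision making based on other runtime state" reads as a statement about every framework, which contradicts the sentence just before it ("Most frameworks are satisfied with merely associating roles/group/membership"). Make the subject explicit, for example "This framework allows decision making based on ...". In the same paragraph "uses a XACML specification based rule engine" should read "an XACML". In "Runtime Management of Security Policy", "It should also provide a consistent API" has no antecedent because the preceding subject is "Security policies"; name the framework as the thing that provides the API. That paragraph also describes changing policy at runtime through XML, GUI or monitoring tools without saying who is allowed to make those changes; a sentence stating how access to the provisioning API is itself controlled would close that gap in an introduction to an authorization framework.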