Anil,

I like the idea that we are separating out the security logic from Seam 3 so that it can mature and integrate in its own cycles...basically not being tied to Seam.

However, what concerns me is the change in developer experience. Security in Seam 2 is so simple to understand. There is barely any configuration, it ties in nicely with the managed ORM sessions and it covers role-based, rule-based and ACL authorization, plain and simple.

From looking at the PicketBox wiki pages, I just see a lot of configuration that makes my eyes cross. I just don't get what I am looking at, really. Either it is going to be more complicated, or you guys just don't have a basic example for people to grok. Can you paint a clearer picture for us?

Thanks,

-Dan

On Fri, Mar 5, 2010 at 12:32 PM, PicketBox JBoss <picketbox@gmail.com> wrote:
Hi all,
(I created this Gmail address for Twitter for Project PicketBox. I may as well use it for mailing lists).

Shane and I had a couple of days of intense discussion on security at Brisbane last week. Some of those discussions were fed back into the PicketBox project. 

Read more on Project PicketBox here:
http://anil-identity.blogspot.com/2010/03/project-picketbox-security-for-java.html

I guess when Seam 3 is released, we are going to offload the majority of the security code to PicketBox.

I will be loitering around this dev list to basically answer any security-related questions.

Regards,
Anil Saldhana

_______________________________________________
seam-dev mailing list
seam-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/seam-dev

--
Dan Allen
Senior Software Engineer, Red Hat | Author of Seam in Action
Registered Linux User #231597

http://mojavelinux.com
http://mojavelinux.com/seaminaction
http://www.google.com/profiles/dan.j.allen