Moving picketbox to Github
by Stuart Douglas
Hi,
Are there any plans to move Picketbox to github? It makes it much easier for people outside the security team to submit fixes etc.
Stuart
10 years, 7 months
Permission API, Implementation and Quickstart
by Anil Saldhana
Hi Shane/Pedro,
can we have a discussion on the Permission API, Implementation and
Quickstart on this mailing list to see if we have any feedback from the
other teams? Since it will be an important feature for the next beta
release, I just want to get people to have a peek at it. ;)
Regards,
Anil
10 years, 9 months
Java Security Policy with denying rules
by Ondra Lukas
Hi,
I've implemented Java Security Manager and Policy for using denying rules and I think that maybe someone will be interested in it. Standard Java Policy [1] uses only granting permissions and there are cases when denying rules are more comfortable than granting rules. I would like to know your opinion and get some feedback if you'll be interested. Project is called Prograde (Policy Rules Of GRanting And DEnying) and you can use it as maven artifact:
    <dependency>
        <groupId>net.sourceforge.pro-grade</groupId>
        <artifactId>pro-grade</artifactId>
        <version>1.0</version>
    </dependency>
Project is also available through github [2] and some tests are in progradeTests project [3].
The README files of these two github projects contain some information about using a policy with denying rules. Usage is similar to the standard policy, but you can also write a deny entry (keyword "deny") instead of grant. There is a new entry named "priority" which is set to a grant or deny value - it says whether the grant or the deny rule is used if they are in conflict. Some examples of policy files are used in [3].
I think that the main advantage of this type of policy rules and the Prograde project is simplification of testing. Sometimes you want to know what behavior your application will have in case some specific permission isn't granted. In this case you need to grant everything except that permission, so a denying rule is the best option.
There are also some imperfections, but I think that they are not so important:
- Prograde is not able to work with general expansion [4]. (property expansion works fine)
- Path used in codebase entry must contain only a-z, A-Z, 0-9 and some symbols defined in encodeSpecialCharacters protected method of net.sourceforge.prograde.policy.ProgradePolicyFile class.
I am planning to fix it in future releases.
I hope Prograde will be helpful for somebody and I'll be happy for every feedback.
Best regards,
Ondrej Lukas
[1] http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFile...
[2] https://github.com/olukas/pro-grade
[3] https://github.com/olukas/progradeTests
[4] http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFile...
10 years, 10 months
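
Added illustration (not part of the original post and not Prograde's own code): a small Java model of the grant/deny/priority decision described in the message above, using the standard java.security.Permission.implies() check. The class and method names are hypothetical, the sample rules are constructed, and the handling of a request that matches no rule at all is an assumption.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.util.List;

// Illustrative model only; names are hypothetical, not taken from Prograde.
public class DenyRuleDemo {
    enum Priority { GRANT, DENY }

    // True if any rule in the list implies the requested permission.
    static boolean matches(List<Permission> rules, Permission requested) {
        for (Permission rule : rules) {
            if (rule.implies(requested)) {
                return true;
            }
        }
        return false;
    }

    static boolean isAllowed(Priority priority, List<Permission> grants,
                             List<Permission> denies, Permission requested) {
        boolean granted = matches(grants, requested);
        boolean denied = matches(denies, requested);
        if (granted && denied) {
            // Conflict: the "priority" entry decides which rule is used.
            return priority == Priority.GRANT;
        }
        // Assumption: a request that no grant rule matches is refused,
        // as it is under the standard grant-only policy.
        return granted;
    }

    public static void main(String[] args) {
        // Constructed rules for the testing use case from the message:
        // grant everything, then deny one specific permission.
        List<Permission> grants = List.of(new AllPermission());
        List<Permission> denies =
                List.of(new FilePermission("/tmp/secret.txt", "read"));

        Permission secret = new FilePermission("/tmp/secret.txt", "read");
        Permission other = new FilePermission("/tmp/other.txt", "read");

        System.out.println("priority deny,  secret.txt: "
                + isAllowed(Priority.DENY, grants, denies, secret));
        System.out.println("priority deny,  other.txt:  "
                + isAllowed(Priority.DENY, grants, denies, other));
        System.out.println("priority grant, secret.txt: "
                + isAllowed(Priority.GRANT, grants, denies, secret));
    }
}
```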