On May 9, 2013, at 3:21 PM, John Mazzitelli <mazz(a)redhat.com> wrote:
> a number of our EAP
> customers have requested that we add Role/Resource Based Access Control into
> a future EAP 6.x release.
What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles
That's a good question. I should have qualified that this feature is a domain
management feature, and pertains to its specific configuration model. It's not really
applicable to application authorization control. That said the picketlink project and some
of its new IDM features under development might be what you are after.
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat