10:14 p.m.
Thank you everyone for the feedback on the schedule I proposed on the AS7 list (before the
rename). The common consensus seemed to be that the schedule was too aggressive and could
use more contingency time. In addition, after the releasing the original proposal, a
number of our EAP customers have requested that we add Role/Resource Based Access Control
into a future EAP 6.x release. In order for that to happen we need to include the feature
in our WildFly 8 release and adjust the schedule accordingly.
Based on these two factors I have added another three months to the original proposal. We
still aim to release iteratively every month, so that everyone has a chance to try out our
most recent work.
The new schedule is as follows:
8.0.0.Final - 11/Nov/13
8.0.0.CR1 - 10/Oct/13
8.0.0.Beta2 - 09/Sep/13
8.0.0.Beta1 - 08/Aug/13
8.0.0.Alpha3 - 11/Jul/13
8.0.0.Alpha2 - 11/Jun/13
8.0.0.Alpha1 - 16/May/13
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
10:21 p.m.
a number of our EAP
customers have requested that we add Role/Resource Based Access Control into
a future EAP 6.x release.
What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles?
I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)
10:23 p.m.
John,
Read about current plans here:
https://community.jboss.org/wiki/ManagementLayerRBAC
Or join discussion on IRC and as always extra pair of hands can come handy
:)
--
tomaz
-----Original Message-----
From: wildfly-dev-bounces(a)lists.jboss.org [mailto:wildfly-dev-
bounces(a)lists.jboss.org] On Behalf Of John Mazzitelli
Sent: Thursday, May 9, 2013 10:21 PM
To: Jason Greene; wildfly-dev(a)lists.jboss.org
Subject: Re: [wildfly-dev] WildFly 8 Schedule
> a number of our EAP
> customers have requested that we add Role/Resource Based Access
> Control into a future EAP 6.x release.
What would you say if someone asked you to try to make this new RBAC
feature
generic/extensible such that applications/layered products could plug
into it and
use it for their own authorization purposes? Not only to allow to
hook
into the
roles, but also be able to attach custom external (app-specific)
entities to the
roles so third party apps could use the roles and attach their own
concept of
"resources" or other entities to the roles?
I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
10:30 p.m.
This one is more up to date:
https://community.jboss.org/wiki/AccessControlNotes
On May 9, 2013, at 3:23 PM, Tomaz Cerar <tomaz.cerar(a)redhat.com> wrote:
John,
Read about current plans here:
https://community.jboss.org/wiki/ManagementLayerRBAC
Or join discussion on IRC and as always extra pair of hands can come handy
:)
--
tomaz
> -----Original Message-----
> From: wildfly-dev-bounces(a)lists.jboss.org [mailto:wildfly-dev-
> bounces(a)lists.jboss.org] On Behalf Of John Mazzitelli
> Sent: Thursday, May 9, 2013 10:21 PM
> To: Jason Greene; wildfly-dev(a)lists.jboss.org
> Subject: Re: [wildfly-dev] WildFly 8 Schedule
>
>> a number of our EAP
>> customers have requested that we add Role/Resource Based Access
>> Control into a future EAP 6.x release.
>
> What would you say if someone asked you to try to make this new RBAC
feature
> generic/extensible such that applications/layered products could plug
into it and
> use it for their own authorization purposes? Not only to allow to hook
into the
> roles, but also be able to attach custom external (app-specific)
entities to the
> roles so third party apps could use the roles and attach their own
concept of
> "resources" or other entities to the roles?
>
> I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
10:29 p.m.
On May 9, 2013, at 3:21 PM, John Mazzitelli <mazz(a)redhat.com> wrote:
> a number of our EAP
> customers have requested that we add Role/Resource Based Access Control into
> a future EAP 6.x release.
What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles
That's a good question. I should have qualified that this feature is a domain
management feature, and pertains to its specific configuration model. It's not really
applicable to application authorization control. That said the picketlink project and some
of its new IDM features under development might be what you are after.
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
10:31 p.m.
I'd say !@#$%
I'd also say I'm interested to hear more, but the schedule we are
working on is very tight and the first iteration is going to target a
pretty specific set of use cases.
The feature is related to server/domain administrative security, not
application security. I understand that's a bit blurry when the
application is doing server/domain administration.
On 5/9/13 3:21 PM, John Mazzitelli wrote:
> a number of our EAP
> customers have requested that we add Role/Resource Based Access Control into
> a future EAP 6.x release.
What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles?
I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
10:37 p.m.
On May 9, 2013, at 4:31 PM, Brian Stansberry <brian.stansberry(a)redhat.com> wrote:
I'd say !@#$%
I had a similar response when I saw RBAC on such a short runway :)
I'd also say I'm interested to hear more, but the schedule we are
working on is very tight and the first iteration is going to target a
pretty specific set of use cases.
The feature is related to server/domain administrative security, not
application security. I understand that's a bit blurry when the
application is doing server/domain administration.
Since the 'application' John is referring to is RHQ those use-cases you're
targeting are pretty much a subset of what he has in mind (at the risk of putting words in
his mouth, though that's never stopped me before).
I had similar questions for other layered products - if, say, SOA, had some administrative
concepts or roles that weren't present in EAP then should that product be expected to
take advantage of RBAC or does it need to provide an additional RBAC mechanism?
On 5/9/13 3:21 PM, John Mazzitelli wrote:
>> a number of our EAP
>> customers have requested that we add Role/Resource Based Access Control into
>> a future EAP 6.x release.
>
> What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles?
>
> I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev
10:42 p.m.
SOA should tell me what these are ASAP.
What we are going to do for WildFly 8 is very limited though and it's
not likely to expand much.
On 5/9/13 3:37 PM, Alan Santos wrote:
On May 9, 2013, at 4:31 PM, Brian Stansberry <brian.stansberry(a)redhat.com> wrote:
> I'd say !@#$%
I had a similar response when I saw RBAC on such a short runway :)
>
> I'd also say I'm interested to hear more, but the schedule we are
> working on is very tight and the first iteration is going to target a
> pretty specific set of use cases.
>
> The feature is related to server/domain administrative security, not
> application security. I understand that's a bit blurry when the
> application is doing server/domain administration.
>
Since the 'application' John is referring to is RHQ those use-cases you're
targeting are pretty much a subset of what he has in mind (at the risk of putting words in
his mouth, though that's never stopped me before).
I had similar questions for other layered products - if, say, SOA, had some
administrative concepts or roles that weren't present in EAP then should that product
be expected to take advantage of RBAC or does it need to provide an additional RBAC
mechanism?
>
> On 5/9/13 3:21 PM, John Mazzitelli wrote:
>>> a number of our EAP
>>> customers have requested that we add Role/Resource Based Access Control into
>>> a future EAP 6.x release.
>>
>> What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles?
>>
>> I'm looking for an answer other than !@#$% ;) (sorry, couldn't resist)
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>
>
>
> --
> Brian Stansberry
> Principal Software Engineer
> JBoss by Red Hat
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
10:53 p.m.
On May 9, 2013, at 4:42 PM, Brian Stansberry <brian.stansberry(a)redhat.com> wrote:
SOA should tell me what these are ASAP.
I understand - but I think it's simply a matter of no-one having the time on that team
to think about it.
What we are going to do for WildFly 8 is very limited though and
it's not likely to expand much.
On 5/9/13 3:37 PM, Alan Santos wrote:
>
> On May 9, 2013, at 4:31 PM, Brian Stansberry <brian.stansberry(a)redhat.com>
wrote:
>
>> I'd say !@#$%
>
> I had a similar response when I saw RBAC on such a short runway :)
>
>>
>> I'd also say I'm interested to hear more, but the schedule we are
>> working on is very tight and the first iteration is going to target a
>> pretty specific set of use cases.
>>
>> The feature is related to server/domain administrative security, not
>> application security. I understand that's a bit blurry when the
>> application is doing server/domain administration.
>>
>
>
> Since the 'application' John is referring to is RHQ those use-cases
you're targeting are pretty much a subset of what he has in mind (at the risk of
putting words in his mouth, though that's never stopped me before).
>
>
> I had similar questions for other layered products - if, say, SOA, had some
administrative concepts or roles that weren't present in EAP then should that product
be expected to take advantage of RBAC or does it need to provide an additional RBAC
mechanism?
>
>
>
>
>
>>
>> On 5/9/13 3:21 PM, John Mazzitelli wrote:
>>>> a number of our EAP
>>>> customers have requested that we add Role/Resource Based Access Control
into
>>>> a future EAP 6.x release.
>>>
>>> What would you say if someone asked you to try to make this new RBAC feature
generic/extensible such that applications/layered products could plug into it and use it
for their own authorization purposes? Not only to allow to hook into the roles, but also
be able to attach custom external (app-specific) entities to the roles so third party apps
could use the roles and attach their own concept of "resources" or other
entities to the roles?
>>>
>>> I'm looking for an answer other than !@#$% ;) (sorry, couldn't
resist)
>>> _______________________________________________
>>> wildfly-dev mailing list
>>> wildfly-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>>
>>
>>
>> --
>> Brian Stansberry
>> Principal Software Engineer
>> JBoss by Red Hat
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat
4282
days inactive
4282
days old
8 comments
5 participants
participants (5)
-
Alan Santos -
Brian Stansberry -
Jason Greene -
John Mazzitelli -
Tomaz Cerar