[jboss-dev-forums] [PicketBox Development] - Security Requirements Document

Anil Saldhana do-not-reply at jboss.com
Mon Aug 13 10:58:33 EDT 2012


Anil Saldhana [https://community.jboss.org/people/anil.saldhana] created the document:

"Security Requirements Document"

To view the document, visit: https://community.jboss.org/docs/DOC-19755

--------------------------------------------------------------
This document will collect the requirements for security for the various JBoss Community projects in one place.
h2. Projects Providing Requirements
1. JBoss Application Server
2. Aerogear
3. JBoss Developer Framework/JBossWay
4. RESTEasy
5. GateIN
6. DeltaSpike
7. ModeShape
8. Teiid


h2. Requirements

(In Progress)

1. Need simpler application security programming model.
2. Need better control over authentication mechanism.
3. Need security detached from the containers.
4. Need an Identity Management Model (represent Users/Roles/Groups/Attributes backed by databases or LDAP).
5. Need Challenge/Response based authentication model.
6. Need fine grained authorization and permission model.
7. Need support for SAML2, OAuth2, JOSE.


Special requirements from DML:
* Authorization framework that is compatible with the EJB security model and also integrates with EE 7 security manager requirements and AccessControlContext
* Possible alternative to AccessControlContext for performance-sensitive applications
* Long term, a possibly fine-grained authorization framework for server and domain management
* Consolidated secure materials management (key management, certificate management, trust management)
* Alternative authentication mechanisms (e.g. private key authentication, maybe revisit SRP) for web and SASL (in addition to supporting existing mechanisms such as so-called "silent" auth)
* Support alternative identity/principal types (e.g. public keys, certificates) in addition to user name
* Support multiple identity realms based on selection criteria (realm if supported, or other criteria such as source IP address, chosen auth mechanism, or other principal like client cert)


h2. Reference
1. https://community.jboss.org/docs/DOC-19232 Authentication API Design
--------------------------------------------------------------
