[security-dev] security domain solely as a metadata store

Bill Burke bburke at redhat.com
Tue Jul 31 17:23:40 EDT 2012


I want to discuss a bit about what an AS7/PicketLink security domain's 
responsibilities should be in the new architecture.  Currently the 
responsibilities of the security domain are blurred.  Sometimes it's just 
a metadata store (user/password), sometimes it partially implements a 
security protocol, sometimes it implements all of a protocol.

I'd like to make the case that the security domain is solely a metadata 
store and that it should not handle anything protocol-related.  
Protocol-related processing should be done in a Web filter/valve, EJB 
interceptor, or whatever is available at the protocol level.

Picketbox should be a set of utilities for helping to build security 
protocols.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
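
The split proposed in the message above, sketched as an added example that is not part of the original post and is not AS7, PicketLink or PicketBox code. The names `SecurityDomain`, `UserRecord` and `authenticateBasic` are hypothetical, and HTTP Basic stands in for whichever protocol a filter, valve or interceptor would handle.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class MetadataOnlyDomainExample {
    // Hypothetical user record: stored data only, no protocol knowledge.
    // Unsalted SHA-256 keeps the sketch short; a real store would hold a salted, slow password hash.
    record UserRecord(String name, byte[] passwordSha256, Set<String> roles) {}

    // Hypothetical security domain: a metadata lookup and nothing else.
    interface SecurityDomain {
        Optional<UserRecord> findUser(String name);
    }

    // Protocol layer (the role a web filter/valve would play): parses HTTP Basic and
    // verifies the credential, consulting the domain only to fetch the stored metadata.
    static Optional<UserRecord> authenticateBasic(String header, SecurityDomain domain) throws Exception {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return Optional.empty();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            return Optional.empty(); // not valid Base64: reject without touching the store
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) return Optional.empty();
        byte[] presented = sha256(decoded.substring(colon + 1));
        // Constant-time comparison of the presented and stored digests.
        return domain.findUser(decoded.substring(0, colon))
                .filter(u -> MessageDigest.isEqual(u.passwordSha256(), presented));
    }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data.
        Map<String, UserRecord> users = Map.of("alice", new UserRecord("alice", sha256("s3cret"), Set.of("admin")));
        SecurityDomain domain = name -> Optional.ofNullable(users.get(name));
        String good = "Basic " + Base64.getEncoder().encodeToString("alice:s3cret".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + Base64.getEncoder().encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        System.out.println("valid credentials accepted: " + authenticateBasic(good, domain).isPresent());
        System.out.println("wrong password accepted: " + authenticateBasic(bad, domain).isPresent());
    }
}
```

Swapping Basic for another protocol changes only `authenticateBasic`; the `SecurityDomain` interface and its data stay untouched.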

