[security-dev] PicketBox v5.0.0.Final is out

Anil Saldhana Anil.Saldhana at redhat.com
Wed Feb 13 13:18:45 EST 2013


On 02/13/2013 04:45 AM, Bruno Oliveira wrote:
>
> On Friday, February 8, 2013 at 9:36 PM, Anil Saldhana wrote:
>
>> Hi All,
>> our release ninja, Pedro has released PicketBox 5.0.0.Final whose
>> notes are at https://docs.jboss.org/author/display/SECURITY/5.0.0.Final
>>
>> We delayed the release mainly to accommodate PicketLink v3.0 IDM that
>> was under development. PicketBox5 uses the most recent version of IDM.
> Congratulations guys.
>>
>> ==============
>> ** What is PicketBox5? **
>> ==============
>> PicketBox5 is a project that provides the various tools for Java 
>> Security.
>> https://docs.jboss.org/author/display/SECURITY/SecurityProjectsArchitecture
>>
>> ==================
>> ** Are there quickstarts? **
>> ==================
>> https://docs.jboss.org/author/display/SECURITY/PicketBox+Quickstarts
> Looks like the quickstarts are referencing Pedro's repository, 
> not the PicketBox repository.
>>
>> ==================
>> ** Where is PicketBox5 useful? **
>> ==================
>> Java Applications wherever the following are needed:
>> * Authentication.
>> * Authorization
>> * Audit
>> * Session Management (non-http based)
>> * Entitlements Management
>> (https://docs.jboss.org/author/display/SECURITY/EntitlementsManager)
>>
>> It does have general purpose HTTP authentication (basic/form/digest)
>> support that is not EE container security
>> driven. (https://docs.jboss.org/author/display/SECURITY/PicketBox+HTTP)
>>
>> =========================
>> ** How is this different from PicketLink v3? **
>> =========================
> Here comes the tricky part to understand, at least for me. If I recall 
> correctly PicketLink v3 is our
> opportunity to build something new from the experience of Seam 
> Security, PicketBox, GateIn, Resteasy….
>
> Are we filling the gaps with PicketBox instead of providing the final 
> solution? For example, PicketLink provides something like this for me:
>
> package org.picketlink.internal;
>
> public class DefaultIdentity implements Identity….
>
> On picketlink-extensions I have:
>
> package org.picketlink.extensions.core.pbox;
>
> public class DefaultPicketBoxIdentity extends DefaultIdentity 
> implements PicketBoxIdentity…
>
> It makes me confused. Are we filling the gaps on PicketLink or creating 
> workarounds inside something new?

Applications should use PicketLink for their security needs. The 
challenge is PicketLink does not yet have many features (e.g. non-HTTP 
session management). Getting user feedback on PicketLink will take time. 
We do not want to stuff everything into PicketLink beyond what is 
needed. The stopgap solution is the PicketLink extensions mechanism 
that apps are free to optionally use.

What PicketLink extensions will ultimately deliver is some prepackaged 
REST services such as account creation, signin, logout, social and 
anything that does not yet belong in PicketLink. As we add more stuff 
into PicketLink v3.0.x based on user feedback, the PicketLink extensions 
project will get leaner.

We just have to let some time pass.

>
>> PicketLink v3 is our umbrella project for enabling security for JavaEE
>> applications (EE6+). PicketLinkv3 contains core security, IDM, SAML,
>> OAuth and Social (facebook/twitter/openid) components that are useful
>> for JavaEE applications. There is PicketLink Extensions project that
>> does use PicketBox5 underneath to fill in some of the gaps missing in
>> PicketLink v3, as we are transitioning features into PL3 based on user
>> demand.
>>
>> Feedback welcome.
>>
>> Now onto making PicketLink v3 Final release a reality. :)
>>
>> Regards,
>> Anil

