[security-dev] Authorization constructs in PicketLink3
Pete Muir
pmuir at redhat.com
Thu May 2 11:24:17 EDT 2013
Isn't this what the permissions module is for (API/SPI for authorisation)? I know it's not finished, but I think we have time to do that for 3.0…
We then add things like the RBAC filter delegating to it.
On 2 May 2013, at 16:21, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
> That is what I meant by pluggable. But we need to be aware of
> dependencies getting pulled into core. We
> do not want a dependency on drools, for example, to use core. If users
> want some particular authz stuff,
> they should be able to pull in those dependencies.
>
> I do not know yet how to get that done. ;)
>
> On 05/02/2013 09:54 AM, Pedro Igor Silva wrote:
>> Maybe something we started with PicketBox, using Drools for rule-based authz, pluggable authz managers, etc.
>>
>> JBoss Seam 2 also supports Drools for authorization ....
>>
>> ----- Original Message -----
>> From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
>> To: security-dev at lists.jboss.org
>> Sent: Thursday, May 2, 2013 11:38:40 AM
>> Subject: Re: [security-dev] Authorization constructs in PicketLink3
>>
>> We have to remember the permission model work using IDM.
>>
>> I wonder if this filter can use pluggable authorization mechanisms, then
>> maybe the perfect start.
>>
>> On 05/02/2013 09:36 AM, Pedro Igor Silva wrote:
>>> I was looking at the org.picketlink.authentication.web.AuthenticationFilter. This class resides on core-api and we did it given some input from AG for DIGEST and BASIC authentication.
>>>
>>> Wondering if the authz filter we did for TIMO does not fit in the same case.
>>>
>>> ----- Original Message -----
>>> From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
>>> To: security-dev at lists.jboss.org
>>> Sent: Tuesday, April 30, 2013 11:42:25 AM
>>> Subject: [security-dev] Authorization constructs in PicketLink3
>>>
>>> Shane/Pedro - we should start discussing the constructs for
>>> authorization in PL3. We have a few options on the table. We need to
>>> figure out what we need such that for PL3 users, we have some options.
>>> Lets use this thread to figure out the various options/strategies.
>>>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list