
Re: high level design from wiki

by Roland Weber

Hi Noel,

>> * Should the user management default be Apache Directory or a
>>   simple database?
>
> User management is ambiguous.  Are we talking about authentication?
> Authorization?  And we should probably not be dependent on a particular
> repository type.

That was the only occurrence of the term that I left in the
proposal :-) Since Apache Directory was mentioned, I found
it unambiguous there. The real choice is of course LDAP or
relational DB.

>> * How will access control be implemented?
>
> TBD, and it may exist at different control points, e.g., at the business
> logic level (container or component managed) and data store level
> (JCR/JackRabbit).

Good point.

>> * Will the Web service just provide data for machine to machine
>>   exchanges or will it default to human readable?
>
> I doubt that the "Web service" would be in any way human readable, by
> default or otherwise.

:-)

>> Access control should provide the option to mark photos as public
>> (anyone), protected (invite only), or private (just the owner).
>> Options for managing the invites for each user are LDAP or a simple
>> database. Permission checking can be implemented in the backend
>> as a Jackrabbit access manager or in an application layer. Candidate
>> technologies are JAAS and JSecurity, which both allow for pluggable
>> authentication.
>
> As noted above, access control (authorization) can be handled at multiple
> points.  The surface area related to authorization should be strictly
> limited, and not pervasive.

Agreed. The "or" was meant as an exclusive-or.

cheers,
   Roland
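
The public / protected / private model and the "strictly limited" authorization surface discussed in this message, sketched as a single decision point. This is an added example, not part of the original message and not code from the project. The names `PhotoAccessPolicy`, `InviteStore`, `Photo` and `Visibility` are hypothetical, the invite store stands in for either LDAP or a relational DB, and the sample users are constructed.

```java
import java.util.*;

public class PhotoAccessDemo {
    enum Visibility { PUBLIC, PROTECTED, PRIVATE }

    // Hypothetical abstraction over the invite store (LDAP or relational DB),
    // so the policy does not depend on a particular repository type.
    interface InviteStore {
        boolean isInvited(String ownerId, String userId);
    }

    static final class Photo {
        final String ownerId;
        final Visibility visibility;
        Photo(String ownerId, Visibility visibility) {
            this.ownerId = ownerId;
            this.visibility = visibility;
        }
    }

    // The only place that decides read access; callers never inspect visibility themselves.
    static final class PhotoAccessPolicy {
        private final InviteStore invites;
        PhotoAccessPolicy(InviteStore invites) { this.invites = invites; }

        // userId is null for an unauthenticated request.
        boolean canRead(String userId, Photo photo) {
            if (photo == null || photo.visibility == null) return false; // deny by default
            if (photo.visibility == Visibility.PUBLIC) return true;       // anyone
            if (userId == null) return false;               // anonymous: public photos only
            if (userId.equals(photo.ownerId)) return true;  // owner reads own photos
            return photo.visibility == Visibility.PROTECTED // invite only
                    && invites.isInvited(photo.ownerId, userId);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: alice has invited bob.
        Map<String, Set<String>> table = new HashMap<>();
        table.put("alice", new HashSet<>(Arrays.asList("bob")));
        InviteStore store = (owner, user) ->
                table.getOrDefault(owner, Collections.emptySet()).contains(user);
        PhotoAccessPolicy policy = new PhotoAccessPolicy(store);

        Photo shared = new Photo("alice", Visibility.PROTECTED);
        Photo diary = new Photo("alice", Visibility.PRIVATE);
        for (String user : new String[] {"alice", "bob", "carol", null}) {
            System.out.println(user + ": protected=" + policy.canRead(user, shared)
                    + " private=" + policy.canRead(user, diary));
        }
    }
}
```

Whichever layer hosts the check (a backend access manager or the application layer, not both), every read path calls `canRead` and an unrecognized state falls through to a denial.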

