r2 - 21 Oct 2006 - 10:33:49 - VinubalajiGopal
Authentication is based on the service being accessed (DAV, UI, Atom or something else): the XML files define the filter chain for each service. After a request has gone through the entire chain for its specific service, the user is authenticated. For example, DAV has HTTP authentication and ticket-based authentication, but no web-based authentication. The filter chain decides which kinds of authentication each service supports.

Authorization

Three voters

  • TicketVoter
  • HomeVoter - needs to be replaced with ACL
  • RoleVoter

Right now there is no aspect-oriented programming in Cosmo, so all the services take care of security themselves. This should change: we should apply aspects (implement advice) to take care of security and free the service layers from security-related code. For example, the DAV service layer checks whether the user is authorized to get the resource, and we need to separate this out using aspect-oriented programming. Another point: authorization has to be checked again at the service layer, since the whole thing can be pluggable, with the Authentication object passed in from the filters.
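An added sketch of that proposal (not Cosmo or Acegi code): a JDK dynamic proxy plays the role of the advice and consults three voters before the DAV service method runs, so the service itself contains no security checks. The `Auth` record, the rule each voter applies, the "any voter grants" decision, the `ROLE_ROOT` name and all paths are assumptions made for illustration.

```java
import java.lang.reflect.*;
import java.util.*;

public class SecurityAdviceDemo {
    // Hypothetical stand-ins for the Authentication object and the voters.
    public record Auth(String user, Set<String> roles, Set<String> ticketPaths) {}
    public interface Voter { boolean grants(Auth a, String path); }
    public interface DavService { String get(String path); }

    // Assumed semantics for the three voters named in the notes.
    static final List<Voter> VOTERS = List.of(
        (a, p) -> a.ticketPaths().contains(p),                                  // ticket
        (a, p) -> a.user() != null && p.startsWith("/home/" + a.user() + "/"),  // home
        (a, p) -> a.roles().contains("ROLE_ROOT"));                             // role

    // Filled in by the authentication filters in a real deployment.
    static final ThreadLocal<Auth> CONTEXT = new ThreadLocal<>();

    // The advice: authorization is re-checked at the service boundary on every
    // call, whatever filter chain produced the Auth object.
    static DavService secured(DavService target) {
        InvocationHandler advice = (proxy, method, args) -> {
            Auth auth = CONTEXT.get();
            String path = (String) args[0];
            if (auth == null || VOTERS.stream().noneMatch(v -> v.grants(auth, path)))
                throw new SecurityException("access denied: " + path);
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (DavService) Proxy.newProxyInstance(
            DavService.class.getClassLoader(), new Class<?>[] {DavService.class}, advice);
    }

    public static void main(String[] args) {
        // The service implementation carries no security code at all.
        DavService dav = secured(path -> "contents of " + path);
        // Constructed sample: alice holds a ticket for one of bob's resources.
        CONTEXT.set(new Auth("alice", Set.of(), Set.of("/home/bob/shared.ics")));
        System.out.println(dav.get("/home/alice/cal.ics"));   // home voter grants
        System.out.println(dav.get("/home/bob/shared.ics"));  // ticket voter grants
        try { dav.get("/home/bob/private.ics"); }             // no voter grants
        catch (SecurityException e) { System.out.println(e.getMessage()); }
        CONTEXT.remove();
        try { dav.get("/home/alice/cal.ics"); }               // no Auth at all
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```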

Cosmo Security Context is a wrapper around the actual security context and provides easy access to the security methods.

-- VinubalajiGopal - 19 Oct 2006
