[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jetspeed-user
Subject:    Re: JS Groups-Roles-Permissions
From:       "David Sean Taylor" <david () bluesunrise ! com>
Date:       2001-11-28 17:28:11
[Download RAW message or body]

We did some work on the Jetspeed security features a while back:
- added role-based security for registry entries
- security maintenance portlets for users, roles, groups
- permission checks to access portlets

One thing I personally find outstanding is that we could add better secured
access to psml pages.

Others on the list have had proposals about how security 'should' work, but
its often difficult to find a consensus. The role-based security approach
based on the turbine security model has some loopholes. I believe a better
security model would be one like the one described in the security proposal
by the SAP developers in the cvs under /proposals/0004.txt.
(I just read that SAP bought TopTier - a commercial portal )
however the proposed security model would take a larger development effort.

----- Original Message -----
From: "ICM S Op Guest 5" <ICM-S-OP.guest-5@icn.siemens.de>
To: "Jetspeed Users List" <jetspeed-user@jakarta.apache.org>
Sent: Wednesday, November 28, 2001 7:55 AM
Subject: JS Groups-Roles-Permissions


> Hi,
>
> is there anybody working on these?
> Is there a scheme or a structure available which shows how this is
planned/should be implemented for/into jetspeed?
>
> Andreas
>
> --
> To unsubscribe, e-mail:
<mailto:jetspeed-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:jetspeed-user-help@jakarta.apache.org>
>
>



--
To unsubscribe, e-mail:   <mailto:jetspeed-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-user-help@jakarta.apache.org>

[prev in list] [next in list] [prev in thread] [next in thread]