Java Forum / Security / August 2007

Application permissions module

k.adamczyk - 28 Aug 2007 07:32 GMT
Hi,

I am writing a new application using Eclipse RCP and GlassFish.
One of the application's modules is a permissions module that lets the
administrator assign rights (permissions) to the users. Then the assigned
permissions will have influence on enabling/disabling menu options, buttons etc.
I would be grateful for some advice on what technology I should use (JAAS,
aspect programming, ...).
I don't want to mix the permission-checking code with the application-logic
code.

Greetings,
Chris
Edward Feustel - 28 Aug 2007 21:45 GMT
> Hi,
>
[quoted text clipped - 11 lines]
> Greetings,
> Chris

Chris,
You might want to look at Sun's XACML on SourceForge. Then write a
policy enforcement module that interprets the credentials the application
provides (probably authenticated using SAML) against the XML SAML policy
and says yes or no to the authorization request.
Ed Feustel
k.adamczyk - 30 Aug 2007 13:02 GMT
Dear Ed,

Many thanks for your reply.
I haven't ever heard about XACML. Is it commonly used?
The SourceForge site of this project was last modified more than a year
ago. Isn't this project outdated?
Don't get me wrong, I'm just trying to make a good decision and
I'm gathering arguments :)

Best regards,
Chris

>> Hi,
>>
[quoted text clipped - 19 lines]
> yes or no to the authorization request.
> Ed Feustel
Edward Feustel - 31 Aug 2007 12:12 GMT
> Dear Ed,
>
[quoted text clipped - 32 lines]
>> yes or no to the authorization request.
>> Ed Feustel

Chris,
I am not positive about where the XACML standard is these days.
I would suggest that you contact OASIS. OASIS is the consortium
that is handling XACML and SAML and is attempting to encourage the
implementation of PKI.

The first set of modifications was done to permit integration with a later
version of SAML.
You might want to contact contributors on SourceForge to determine whether
their Java XACML demo has been updated. I am fairly certain that a newer
version of SAML has been implemented. I believe that Shibboleth, a middleware
authorization system, and SIGNET, a middleware privilege management system,
use it.

If I can find some students at Dartmouth, I would hope we can build a
new Policy Decision Process (PDP) and a new Policy Enforcement Process (PEP)
that will be usable in a distributed system. Ideally, the PDP will permit
retrieving decisions from other PDPs (using SAML) and the PEP will use
decisions from the master PDP (using SAML). This will require a PKI in place,
but Dartmouth has one.

If you find that there are missing pieces, please let me know!
Thanks,
Ed
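
The split discussed in this thread (a decision point that only answers yes or no, and an enforcement point that asks it so the application logic carries no checks), as an added example that is not part of the thread or of Sun's XACML code. It assumes Java 9 or later; a plain `java.lang.reflect.Proxy` stands in for the PEP and an in-memory map for the policy, so no XACML or SAML is involved, and the names `Requires`, `Pdp`, `Reports` and `enforce` are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class PepDemo {
    // Hypothetical annotation naming the permission a method needs.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Requires { String value(); }

    // Policy Decision Point: answers yes or no, nothing else.
    interface Pdp { boolean permits(String user, String permission); }

    // Application logic: the implementation contains no permission checks.
    interface Reports {
        @Requires("report.view") String view();
        @Requires("report.delete") String delete();
        String version();   // no permission declared: the PEP below refuses it
    }
    static class ReportsImpl implements Reports {
        public String view() { return "report contents"; }
        public String delete() { return "report deleted"; }
        public String version() { return "1.0"; }
    }

    // Policy Enforcement Point: wraps any interface and asks the PDP before each call.
    @SuppressWarnings("unchecked")
    static <T> T enforce(Class<T> api, T target, String user, Pdp pdp) {
        InvocationHandler h = (proxy, method, args) -> {
            Requires r = method.getAnnotation(Requires.class);
            // Fail closed: a method with no declared permission is not callable.
            if (r == null || !pdp.permits(user, r.value()))
                throw new SecurityException(user + " denied: " + method.getName());
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (T) Proxy.newProxyInstance(api.getClassLoader(), new Class<?>[]{api}, h);
    }

    public static void main(String[] a) {
        // Constructed sample policy: user -> granted permissions (what the admin module would edit).
        Map<String, Set<String>> grants = Map.of("chris", Set.of("report.view"));
        Pdp pdp = (u, p) -> grants.getOrDefault(u, Set.of()).contains(p);
        Reports r = enforce(Reports.class, new ReportsImpl(), "chris", pdp);
        System.out.println(r.view());
        try { r.delete(); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        // The same PDP can drive the UI: enable a menu item only if permitted.
        System.out.println("delete enabled: " + pdp.permits("chris", "report.delete"));
    }
}
```

Disabling a menu item from the PDP's answer is a usability measure only; the proxy on the service interface is what actually refuses the call.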

