tag:blogger.com,1999:blog-16742043288625525642011-07-07T13:43:27.367-07:00sshah@redhat.comhttp://www.blogger.com/profile/11957034272621965608noreply@blogger.comBlogger11100tag:blogger.com,1999:blog-1674204328862552564.post-82848335940461386322009-10-16T09:18:00.000-07:002009-10-16T11:00:43.751-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_FQrj45toPzA/StipRpS9UsI/AAAAAAAAAAU/R_q2PGgD0q0/s1600-h/authz-architecture-detailed.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 309px; height: 400px;" src="http://2.bp.blogspot.com/_FQrj45toPzA/StipRpS9UsI/AAAAAAAAAAU/R_q2PGgD0q0/s400/authz-architecture-detailed.png" alt="" id="BLOGGER_PHOTO_ID_5393246674384409282" border="0" /></a> <br /> <br /><span style="font-size:100%;"><span style="font-family:verdana;">I would like to start the early feedback loop on<span style="font-size:130%;"> <span style="font-weight: bold;"></span></span></span></span><span style="font-weight: bold;font-family:verdana;font-size:100%;" >JBoss Authz</span><span style="font-size:100%;"><span style="font-family:verdana;">.<span style="font-weight: bold;"> </span></span></span>A<span style="font-size:100%;"><span style="font-family:verdana;"> <span style="font-style: italic;">"Rule based"</span> Authorization Framework for Java applications.</span> <br /></span> <br /><span style="font-family:verdana;">Technical Features:</span> <br /><ul style="font-family:times new roman;"><li><span style="font-size:85%;">Built on top of a standards compliant XACML rule engine (implementation: JBossXACML). For more spec info: <a class="moz-txt-link-freetext" href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml" target="_blank">http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml</a></span></li> <br /><li><span style="font-size:85%;">Ability to create complex security rules taking into account useful contextual data like I<span style="font-style: italic;">dentity, Roles/Groups, Arbitrary Http Headers, Java Method parameters, Java Fields, Date/Time information, IP Address information</span>. There is no restriction on what information can be used for making access decision. This is a breakway from frameworks that are designed primarily around the concept of "user roles and permissions". </span></li> <br /><li><span style="font-size:85%;"><span style="font-style: italic;">Dynamic provisioning</span> of security policies (no application/system restarts) </span></li> <br /><li><span style="font-size:85%;">A Developer friendly component oriented API. Developers do not need any familiarity with the <span style="font-style: italic;">low-level complex XACML XML hell</span>. </span></li> <br /><li><span style="font-size:85%;">A common/central Security Manager for all your applications, without having to write/maintain a separate Security subsystem for each. </span></li> <br /><li><span style="font-size:85%;">Ability to integrate<span style="font-style: italic;"> application security</span> with central monitoring tools like JOPR, JON (JBoss Operation Network) </span></li></ul> <br />Advantages:<ul style="font-family:times new roman;"> <br /><li><span style="font-size:85%;">Authorization is treated as a <span style="font-style: italic;">"true"</span> cross cutting concern of an application </span></li> <br /><li><span style="font-size:85%;">Provides a clean decoupling of security related <span style="font-style: italic;">logic and data/metadata</span> from the underlying application codebase. </span></li></ul><ul style="font-family:times new roman;"><li><span style="font-size:85%;">Security requirements for the <b style="font-style: italic; font-weight: bold;" class="moz-txt-star">same exact</b><span style="font-style: italic; font-weight: bold;"> application codebase</span> can be fully customized, including all the logic. Big plus for ISVs that bundle stuff as part of their own offering.</span> </li> <br /><li><span style="font-size:85%;">Ability to easily drop in infrastructure level security profiles like ht<span style="font-style: italic;">tp profile, portal profile, seam profile, ejb3 profile</span></span></li></ul>Project Information <br /> <br /><ul style="font-family:times new roman;"><li><span style="font-size:85%;">Website: <a class="moz-txt-link-freetext" href="http://jboss.org/jbossidentity/" target="_blank">http://jboss.org/jbossidentity/</a></span></li> <br /><li><span style="font-size:85%;">Download: <a class="moz-txt-link-freetext" href="http://jboss.org/jbossidentity/downloads" target="_blank">http://jboss.org/jbossidentity/downloads</a></span></li> <br /><li><span style="font-size:85%;">Blog: <a class="moz-txt-link-freetext" href="http://authz.blogspot.com/" target="_blank">http://authz.blogspot.com/</a></li> <br /><li><span style="font-size:85%;">Anonymous SVN: <a class="moz-txt-link-freetext" href="http://anonsvn.jboss.org/repos/jbossidentity/authz/" target="_blank">http://anonsvn.jboss.org/repos/jbossidentity/authz/</a></span></li> <br /><li><span style="font-size:85%;">Committer SVN: <a class="moz-txt-link-freetext" href="https://svn.jboss.org/repos/jbossidentity/authz/" target="_blank">https://svn.jboss.org/repos/jbossidentity/authz/</a></span></li></ul> <ul face="times new roman"> <br /></ul> <div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1674204328862552564-8284833594046138632?l=authz.blogspot.com' alt='' /></div>sshah@redhat.comhttp://www.blogger.com/profile/11957034272621965608noreply@blogger.com0