Log in to follow, share, and participate in this community.
Thread XACML Administration
XACML AdministrationThis is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
XACML EnforcementThis is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
XACML PerformanceThis is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
XACML Best PracticesThis is a post in a serious of discussions I was starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am shari...
XACML CachingWe have an article http://community.jboss.org/wiki/XACMLCachingForPerformance Dan has some good comments on caching in xacml engine. This thread will try to brainstorm performance enhancing xacml caching. ...
Callback HandlersI would like to brainstorm the requirements for callback handlers from DB and LDAP primarily. DML had asked for this last year and I never prioritized this. https://jira.jboss.org/jira/browse/SECURITY-467 ht...
SecurityDomain AnnotationI'm creating a WebApplication using Jboss AS 7 and trying to use a Form Based Authentication using a DatabaseServerLoginModule. My authentication and roles are ok. I had a problem to protect a EJB clas...
PicketBox Cachehi everybody, I'm a newbie in XACML and I'm happy to find such a community. My first question is: Where can I find a "HowTo PEP-PDP Implementation as Webservice"? The second question: How does PEP-Side Cach...
Loading many policy sets from the codeHi, Is it possible to load many policy sets from the code instead dynamicall from a file (as it is described http://community.jboss.org/wiki/XACMLRBACLocator). When I try: XACMLPolicy ps1 = PolicyFactory.cre...
AS7 Password Encryption / ObfuscationFor AS7 are there any plans to be updating the mechanisms we provide for encrypting / obfuscating passwords? For previous AS releases I have seen issues regarding the fact that there are many locations that pa...
AS7: Web Subsystem: JSSE/OpenSSL SettingsThis thread is to capture the effort to derive a common configuration that can be used for both JSSE and OpenSSL. This is currently evident in the web subsystem (File: org.jboss.as.web.WebConnectorService) ...
AS7: Identity ModelI want to dedicate this thread to discuss the domain model settings for the identity model (user/roles/groups) in AS7. The concepts behind PicketLink IDM are: a) Identity Object( user, role, group) b) realm ...
AS7: Construct for centralized securityWe need something similar to JaasSecurityDomain that helps us to centrally configure and obtain keystores, truststores, Secure socket factories... What else? Projects such as web services, messaging etc need t...
Security Domain SelectorI am not sure if this has ever come up elsewhere but in a couple of places I have seen a potential need for a more advanced selection of a security domain than our current one-to-one mapping of security domain to secu...
Thread Security Configuration in Domain Model - AS7
Security Configuration in Domain Model - AS7I want to dedicate this thread for discussions surrounding the security configuration in AS7 based on the proposed domain model. Currently, we have the following security configuration needs: 1) Configuration...
AS7 - Security with no ServerThe following document is starting to expore the authentication mechanisms that will be supported for domain management in terms of the back end infrastructure we will authenticate against (The protocol side will be d...
AS7 Keystore / Truststore / Certificate ManagementHas there been any planning so far regarding how keystores, truststores or certificates are going to be managed for multi-host domain deployments of AS7 and how this will be configured?
JBoss Negotiation DocumentationThe JBoss Negotiation document has become quite cumbersome to maintain using docbook, would there be any objections to moving it as a set of wiki documents instead? This should hopefully make it much ea...
AS7 Property File Based Login ModulesWithin the previous AS releases there are a few login modules that make use of properties files to store the users and roles, has there been any consideration yet as to how the equivalent capabilities will be provided...
AS7 Plugability for DependenciesFor the AS7 managament API security we are currently discussing how to re-use as much as possible of the already integrated PicketBox project. One requirement that we have is that the security of the managemen...