Thread XACML Best Practices
This is a post in a series of discussions I was starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am shari...
XACML Caching
We have an article http://community.jboss.org/wiki/XACMLCachingForPerformance Dan has some good comments on caching in xacml engine. This thread will try to brainstorm performance enhancing xacml caching. ...
Callback Handlers
I would like to brainstorm the requirements for callback handlers from DB and LDAP primarily. DML had asked for this last year and I never prioritized this. https://jira.jboss.org/jira/browse/SECURITY-467 ht...
PicketBox Error Codes
PicketLink Error Codes are at https://docs.jboss.org/author/display/PLINK/PicketLink+Error+Codes Error Code Message Cause Solution PB00001
SecurityDomain Annotation
I'm creating a WebApplication using Jboss AS 7 and trying to use a Form Based Authentication using a DatabaseServerLoginModule. My authentication and roles are ok. I had a problem to protect an EJB clas...
AS 7.1 : JACC Implementation
Objective: Support JSR 115 in JBoss AS7.1 JIRA: https://issues.jboss.org/browse/AS7-1530 Requirements: PicketBox implementation should contain the JACC processing. There may be a need to copy the common core sta...
JBoss AS7 Security Development Inventory
The following table indicates the progress of development of security in JBoss AS 7. # Feature Forum Discussion/JIRA Contact Status Start Date Completion Date AS7 Release? In Master? 1 Domain Model Parsing Ma...
PicketBox Cache
Hi everybody, I'm a newbie in XACML and I'm happy to find such a community. My first question is: Where can I find a "HowTo PEP-PDP Implementation as Webservice"? The second question: How does PEP-Side Cach...
Article Choosing an Authorization System for JBoss AS
This article should guide you to choose an authorization system for your applications running in JBoss AS. The applications in question are web components and EJB compo...
Loading many policy sets from the code
Hi, Is it possible to load many policy sets from the code instead dynamically from a file (as it is described http://community.jboss.org/wiki/XACMLRBACLocator). When I try: XACMLPolicy ps1 = PolicyFactory.cre...
Article JBoss AS7: Password Masking and Encryption
This article will describe the strategies/design for both password masking and encryption. Objective: The configuration/domain model needs one or more passwords. We do not want to specify the passwords in clear text. ...
AS7 Password Encryption / Obfuscation
For AS7 are there any plans to be updating the mechanisms we provide for encrypting / obfuscating passwords? For previous AS releases I have seen issues regarding the fact that there are many locations that pa...
AS7: Web Subsystem: JSSE/OpenSSL Settings
This thread is to capture the effort to derive a common configuration that can be used for both JSSE and OpenSSL. This is currently evident in the web subsystem (File: org.jboss.as.web.WebConnectorService) ...
AS7 Security Domain Model Changes
This is a note for the developers of JBoss AS who want to add new things into the Security Domain Model. Subsystem: security Steps 1. Ensure that you have taken care of the schema (security/src/main/reso...
AS7: Identity Model
I want to dedicate this thread to discuss the domain model settings for the identity model (user/roles/groups) in AS7. The concepts behind PicketLink IDM are: a) Identity Object( user, role, group) b) realm ...
AS7: Construct for centralized security
We need something similar to JaasSecurityDomain that helps us to centrally configure and obtain keystores, truststores, Secure socket factories... What else? Projects such as web services, messaging etc need t...
Security Domain Selector
I am not sure if this has ever come up elsewhere but in a couple of places I have seen a potential need for a more advanced selection of a security domain than our current one-to-one mapping of security domain to secu...
Thread Security Configuration in Domain Model - AS7
I want to dedicate this thread for discussions surrounding the security configuration in AS7 based on the proposed domain model. Currently, we have the following security configuration needs: 1) Configuration...
AS7 - Security with no Server
The following document is starting to explore the authentication mechanisms that will be supported for domain management in terms of the back end infrastructure we will authenticate against (The protocol side will be d...
AS7 Keystore / Truststore / Certificate Management
Has there been any planning so far regarding how keystores, truststores or certificates are going to be managed for multi-host domain deployments of AS7 and how this will be configured?