Anil and Pedro.

(08:36:43 AM) asaldhan: psilva: discuss status of each project. we then can do checkpoints
(08:36:53 AM) asaldhan: https://docs.jboss.org/author/display/SECURITY/SecurityProjectsArchitecture
(08:36:57 AM) asaldhan: psilva: pl-idm
(08:37:10 AM) psilva: asaldhan: you start ?
(08:37:58 AM) asaldhan: psilva: for LDAP binding - if the attributes being searched are only custom attributes, then all the users have to be checked. Large data sets, this is a problem.  Need to bring in a cache  (like hibernate 2nd level cache)
(08:38:20 AM) asaldhan: psilva: apart from that, pl-idm ldap binding is fine.
(08:38:29 AM) asaldhan: psilva: wdyt about jpa?
(08:38:56 AM) asaldhan: psilva: pl-idm configuration builders need 2nd look
(08:39:10 AM) psilva: asaldhan: jpa is fine. we have creation of users, roles, queries, membership, groups. And query of users, groups, memberships, roles.
(08:39:28 AM) ***asaldhan is going to capture all of this in a pbox dev thread. 
(08:39:29 AM) psilva: asaldhan: the main issue i see with pl-idm are the undefined points along the code ....
(08:39:48 AM) ***asaldhan says pl-idm is ready for checkpoint release
(08:39:58 AM) psilva: asaldhan: like the IM x IS linkage, some TODOs in the code, duplicated/ambiguos methods, etc. ..
(08:40:07 AM) asaldhan: psilva: yeah. 
(08:40:17 AM) asaldhan: psilva: some methods dont make sense. we need to discuss them.
(08:40:23 AM) psilva: asaldhan: +1
(08:40:40 AM) psilva: asaldhan: another point is create a idm example app ...
(08:40:47 AM) asaldhan: UserQuery.executeQuery(UserQuery) can go into recursive stack overflow
(08:41:06 AM) asaldhan: psilva: right.  we can get viliam to update his idm jquery app too
(08:41:19 AM) psilva: asaldhan: yeah ... only the executeQuery() solves the problem ... and this goes to all query interfaces ..
(08:41:28 AM) psilva: asaldhan: cool
(08:41:52 AM) asaldhan: psilva: PL CDI.  shane checkpointed.  we dont need changes, right?
(08:42:29 AM) psilva: asaldhan: until now, no ....
(08:42:35 AM) asaldhan: psilva: ok.
(08:42:50 AM) asaldhan: psilva: pb CDI
(08:44:06 AM) psilva: asaldhan: pb-cdi is fine, i think. i had simplified the config for the PL-IDM support. we have authc and authz, idm to load roles, PL-IDM IdentityManager is exposed to that users can work with it, etc ...
(08:44:45 AM) psilva: asaldhan: need to see with the aerogear guys if what we have is enough ...
(08:45:02 AM) psilva: asaldhan: i was doing some small changes, will commit later ... 
(08:49:04 AM) psilva: asaldhan: one important point IMO, is that we need to review the pb-core for PL-IDM native support  ...
(08:49:54 AM) asaldhan: psilva: right.
(08:50:26 AM) asaldhan: psilva: as a developer, you work in an environment with CDI and without CDI.
(08:50:34 AM) asaldhan: psilva: like you may be in tomcat without CDI.
(08:50:42 AM) asaldhan: psilva: in that case, he should use pb-core directly.
(08:50:51 AM) asaldhan: psilva: if he has CDI enabled, then he should go pb-cdi.
(08:50:58 AM) asaldhan: psilva: wdyt?
(08:51:15 AM) psilva: asaldhan: agree ..
(08:51:26 AM) asaldhan: psilva: people will ask this question
(09:16:28 AM) psilva: asaldhan: i was looking to support EL expressions with authorization annotations .... wdyt ?
(09:18:17 AM) asaldhan: psilva: regular expressions should be fine.  But ideally they should just use drools, right?
(09:18:37 AM) asaldhan: psilva: externalized authz is powerful. No need to change code.
(09:19:34 AM) psilva: asaldhan: i agree, but it can be an alternative, more simple to use (not drools dependencies, config, etc) ...