Version 4

    The Generalized Authorization Layer of the JBossSX module should support plugging in external authorization policies.

    It should support:

    1. Java Authorization Contract for Containers a.k.a JACC


    The following is a potential way to plug in policies:

    1. OASIS eXtensible Access Control Markup Language a.k.a XACML


    Here is the scope of XACML:

    XACML is expected to address fine grained control of authorized activities, the effect of 
    characteristics of the access requestor, the protocol over which the request is made, 
    authorization based on classes of activities, and content introspection (i.e. authorization 
    based on both the requestor and potentially attribute values within the target where the 
    values of the attributes may not be known to the policy writer). XACML is also expected to 
    suggest a policy authorization model to guide implementers of the authorization mechanism.


    Design Forum Discussion: