The Generalized Authorization Layer of the JBossSX module should support plugging in external authorization policies.
It should support:
Java Authorization Contract for Containers, a.k.a. JACC
The following is a potential way to plug in policies:
OASIS eXtensible Access Control Markup Language, a.k.a. XACML
Here is the scope of XACML:
Scope: XACML is expected to address fine-grained control of authorized activities, the effect of characteristics of the access requestor, the protocol over which the request is made, authorization based on classes of activities, and content introspection (i.e. authorization based on both the requestor and potentially attribute values within the target where the values of the attributes may not be known to the policy writer). XACML is also expected to suggest a policy authorization model to guide implementers of the authorization mechanism.
Design Forum Discussion: