Opportunities for Enhanced AAA for Lenya
Status of this document: RT (Random Thought)
Introduction
At this point in time (between the release of 1.2.2 and 2.0) Lenya uses an entirely home-grown AAA (read: triple-A, Authentication and Authorization), which keeps all AAA-relevant information in files on the filesystem. For a walkthrough see [AuthenticationAndAuthorizationBackgrounder].
This leaves a lot of room for improvement to meet the very different needs of people and organisations.
Potential enhancements
- JAAS
- Container Managed Security
- Single-Sign-On solutions
Links
- http://www.orablogs.com/fnimphius/archives/000416.html (Good overall intro!)
- http://www.jcp.org/en/jsr/detail?id=115 JSR 115: Java™ Authorization Contract for Containers
- http://www.jcp.org/en/jsr/detail?id=196 JSR 196: Java™ Authentication Service Provider Interface for Containers
- Servlet container - getRemoteUser()
- JAAS http://java.sun.com/products/jaas/overview.html
- read the White Paper and
- if you're not familiar with PAM: the PAM documentation linked there
- http://www.josso.org/ (Java Open Single Sign-On Project), based on JAAS
- http://www.theserverside.com/news/thread.tss?thread_id=12311 SAML
- http://osoco.sourceforge.net/cowarp/protection.html Cocoon is about to use this; it is not JAAS-based yet, but it is document-centric
- http://tp.its.yale.edu/tiki/tiki-index.php?page=CentralAuthenticationService