Wednesday, November 22, 2006

JBoss Security - Anil Saldhana

Security is an area of JBoss that is being overhauled and rewritten to an enormous extent. The sessions I attended were not announced as part of the main product stream, yet we ran out of chairs in rooms that became stifling with the number of people packed in. Given the shortage of good open source initiatives in this area, this is hardly surprising to me, but it would certainly appear that JBoss underestimated the interest in the subject.

This introductory session covered the work that was ongoing and gave an overview of the direction the team is taking with security. I also attended the advanced session on SSO, which showed a working example; more on that in the next report.

The Security 2.0 Beta, which is currently available, includes the SPI and an initial version of JBossSX. Version 2.0 is then expected to include Identity Federation and a cleanup of the SPI, and at version 2.1 we should see SAML support, which will make the Security module standards compliant for SSO.

The default distribution within JBoss 5.0 is apparently written to work with OpenLDAP, but this is a pluggable architecture, meaning we could use JDBC on top of our own identity store (Oracle) should we wish. The configuration changes were shown to be made in the "login-config.xml" file.
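As an added illustration of that pluggable arrangement (my own fragment, not something shown in the session or shipped with JBoss), here is a login-config.xml application-policy that swaps the LDAP module for the JDBC-backed DatabaseServerLoginModule; the datasource JNDI name, table and column names are assumptions, and the hashing options keep clear-text passwords out of the identity store.

```xml
<!-- Fragment of conf/login-config.xml (JBoss 4.x / 5.0 layout).
     The datasource, table and column names are assumed for illustration. -->
<policy>
  <application-policy name="example-jdbc-domain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                    flag="required">
        <!-- JNDI name of the datasource that points at the Oracle identity store -->
        <module-option name="dsJndiName">java:/IdentityDS</module-option>
        <!-- Must return a single column: the stored credential for the user -->
        <module-option name="principalsQuery">SELECT password_hash FROM app_users WHERE username = ?</module-option>
        <!-- Must return (role, role_group); 'Roles' is the group the container checks -->
        <module-option name="rolesQuery">SELECT role_name, 'Roles' FROM app_user_roles WHERE username = ?</module-option>
        <!-- Hash the supplied password before comparing, so the table never
             holds clear-text credentials and a leaked dump is less useful -->
        <module-option name="hashAlgorithm">SHA-256</module-option>
        <module-option name="hashEncoding">base64</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
```

A web application then selects this domain with `<security-domain>java:/jaas/example-jdbc-domain</security-domain>` in its jboss-web.xml, leaving the application code unchanged when the store behind it moves from LDAP to JDBC.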

Following a number of discussions on security over the course of the day, it would appear that the work JBoss are undertaking on their security strategy is completely independent of Sun and their Josso project. In addition, it does strike me that JBoss have made more advances in this area than Josso has been able to to date. All in all, it certainly looks like JBossSX will prove a strong contender for the software security measures we choose to investigate.
