directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tencé, Vincent" <>
Subject RE: To release or not to release?
Date Mon, 22 Nov 2004 16:41:39 GMT

> -----Original Message-----
> From: Alex Karasulu []


> >I have the authentication and
> >authorization code working nicely together now, and I'm 
> almost done with the
> >XML builders. This will be enough for demonstration purposes 
> and simple
> >usage. Next step will be to replace XML by a much more 
> powerful scripting
> >interface (probably using groovy), for 
> >configuration and wiring as well as authorization rules definition.
> >  
> >
> That sounds very exciting.  I'm very curious to see how you 
> would script 
> out authorization rules.  Are you looking at authorization 
> expressions 
> as defined in things like SAML.  Also I have no idea about it but 
> someone at the conference recommended taking a look at XACML for 
> authorization rule expressivity.  I need to do this sort of 
> research for 
> Eve's authorization module. 

The concepts of rule expressiveness are related to the ones found in XACML.
The idea for authorization is to be much more powerful than simple role-user
associations. I'm finding that Groovy is a good language for rules

> Perhaps Vincent this is an area where you can contribute to Eve as 
> well.  Eve's authorization subsystem is currently hardcoded 
> to protect 
> the system area under ou=system.  However we need some form of access 
> control instructions within the server soon.  If you are 
> interested let 
> me know.  Also I will post my slides from A/C to this list so 
> people can 
> look at it.  It was pretty lame for a presentation but most 
> excellent as 
> a how to get involved intro document.

Can you point me to where this hardcoded area of the server is?

Post the Slides and please give us some feedback on the presentation :-)

- Vincent

View raw message