Opportunities for Enhanced AAA for Lenya
Status of this document: RT (Random Thought)
At this point in time (between the release of 1.2.2 and 2.0), Lenya uses an entirely home-grown AAA (read: triple-A, Authentication and Authorization), in which all AAA-relevant information is stored in files on the filesystem. For a walkthrough, see [AuthenticationAndAuthorizationBackgrounder].
This leaves a lot of room for improvement to meet the very different needs of people and organisations.
- Container Managed Security
- Single-Sign-On solutions
http://www.orablogs.com/fnimphius/archives/000416.html (Good overall intro!)
http://www.jcp.org/en/jsr/detail?id=115 JSR 115: Java™ Authorization Contract for Containers
http://www.jcp.org/en/jsr/detail?id=196 JSR 196: Java™ Authentication Service Provider Interface for Containers
- Servlet container - getRemoteUser()
- read the White Paper and
- if you're not familiar with PAM: The PAM documentation linked there
http://www.josso.org/ (Java Open Single Sign-On Project), based on JAAS
http://osoco.sourceforge.net/cowarp/protection.html Cocoon is about to use this; it is not JAAS-based yet, but it is document-centric