Monday, February 16, 2009

JBoss Authorization Server Public Preview Available!!

This is the first Public Preview of our next generation Authorization system. This system is ready for community review and we would very much like design related feedback at this stage. This is a work in progress, and feedback can be easily incorporated during subsequent releases.

To provide a little background, authorization is a complex and open-ended area of security. Its functionality varies with the requirements of the environment or organization within which a Portal is deployed. It is very common for the exact same Portlet application to have completely different business-level security requirements. However, because the declarative part of Portlet security is not very robust, developers unintentionally end up with "Security Logic" embedded inside their application components.

This Authorization system is designed to provide Authorization as a cross-cutting concern of your Enterprise application, effectively extracting all "Security Logic" out of the business components and into a central repository. Having extracted the "Security Logic", your Portlets become a lot more portable from a Security Rules standpoint.

This was one of the motivating factors for the system, but not the only one. Here are some of the advantages this system is designed to provide Portal Developers:
  • Clean Separation between Security Logic and Application Logic
  • Flexibility to apply Security Logic to arbitrary Runtime information, and not just Role based access control
  • Runtime Management of Security Policy
  • A user friendly Developer API
Here are some of the technical features of the Authorization Server:
  • A standards compliant XACML server. More Spec Info.
  • Runtime modification of Security rules without requiring any system restarts
  • Ability to create complex security rules taking into account useful contextual data like Identity, Roles, arbitrary Request Parameters, Date/Time based rules, IP Address based rules, etc.
  • A Developer friendly component oriented API to develop custom Security GUI to manage Policies. Developers do not need any familiarity with the low-level complex XACML XML hell.
  • A common Security Manager for all your Portlet applications, without having to write/maintain a separate Security subsystem for each Portlet application being aggregated
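To make the feature list above concrete, here is an added illustration of a small XACML-style policy decision point (PDP): the application only asks "is this allowed?" and every security rule (role, time window, client IP, an arbitrary request parameter) lives in the policy. This is constructed example code, not the JBoss Authorization Server API; the corporate address range, attribute names and rules are assumptions.

```python
# Added illustration of a XACML-style policy decision point (PDP).
# Constructed example, not JBoss code: policy, attribute names and
# the corporate network range are all assumptions.
from datetime import time
from ipaddress import ip_address, ip_network

PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"
CORP_NET = ip_network("10.0.0.0/8")  # assumed corporate address range

# Each rule inspects the request's attribute categories (subject, resource,
# action, environment) and returns Permit, Deny or NotApplicable.
def deny_outside_corporate_network(req):
    return NA if ip_address(req["env"]["client_ip"]) in CORP_NET else DENY

def permit_admin_everything(req):
    return PERMIT if "admin" in req["subject"]["roles"] else NA

def employee_reports_in_business_hours(req):
    # Role-based rule combined with a Date/Time condition.
    if req["resource"]["id"] != "reports" or req["action"] != "view":
        return NA
    if "employee" not in req["subject"]["roles"]:
        return NA
    return PERMIT if time(8) <= req["env"]["time"] < time(18) else DENY

def owner_may_view_own_report(req):
    # Uses an arbitrary request parameter ("owner") rather than a role.
    if req["resource"]["id"] != "reports" or req["action"] != "view":
        return NA
    owner = req["resource"]["params"].get("owner")
    return PERMIT if owner == req["subject"]["id"] else NA

POLICY = [deny_outside_corporate_network, permit_admin_everything,
          employee_reports_in_business_hours, owner_may_view_own_report]

def evaluate(req, policy=POLICY):
    """Deny-overrides combining algorithm, as defined by XACML."""
    decisions = [rule(req) for rule in policy]
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NA

def is_allowed(req):
    """Policy enforcement point: anything but an explicit Permit is refused."""
    return evaluate(req) == PERMIT

def make_request(user, roles, action, resource, params, at, ip):
    """Build a request with the four XACML attribute categories."""
    return {"subject": {"id": user, "roles": roles},
            "resource": {"id": resource, "params": params},
            "action": action,
            "env": {"time": at, "client_ip": ip}}
```

Changing who may do what at runtime means swapping entries in POLICY; no Portlet code changes, which is the separation the system is after.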
Current Status: The system is still evolving, especially the Developer API/Components and the Portal Profile. Feedback here would be valuable, since it gives us fresh ideas on usage scenarios we may not have considered. The core architectural components are ready to play around with to get a feel for how the system can be used. I recommend starting with the test cases and the reference guide to get an idea of how the components fit together.
