K
kgruskin
I was trying to research a JAAS based RBAC solution and how I could
make it scalable. I need a way to maintain all of the groups and
roles(this seems to easily be doable in OID) but also be able to
specify different permissions/policies(Authorization) for individual
applications. Everything that I've found so far assumes you want to
store all your policies in one centralized file for all applications
to use. For my solution this is not feasible as there will be millions
of users and thousands of applications. Ideally I'd set up roles and
add users to the roles and then each application would have it's own
policy/authorization file or something of that nature to control what
groups/roles have permission to access application level resources. I
really haven't seen a way to step away from a centralized JAAS access
control policy file. The access control policy file just does not
appear to be manageable solution to me. Thanks in advance for any
posts and feedback in advance.
make it scalable. I need a way to maintain all of the groups and
roles(this seems to easily be doable in OID) but also be able to
specify different permissions/policies(Authorization) for individual
applications. Everything that I've found so far assumes you want to
store all your policies in one centralized file for all applications
to use. For my solution this is not feasible as there will be millions
of users and thousands of applications. Ideally I'd set up roles and
add users to the roles and then each application would have it's own
policy/authorization file or something of that nature to control what
groups/roles have permission to access application level resources. I
really haven't seen a way to step away from a centralized JAAS access
control policy file. The access control policy file just does not
appear to be manageable solution to me. Thanks in advance for any
posts and feedback in advance.