| Subject | Re: [IB-Architect] Re: Some thoughts on IB and security |
|---|---|
| Author | Jim Starkey |
| Post date | 2000-04-27T14:27:43Z |
At 05:13 PM 4/26/00 -0700, rfm@... wrote:
are going to differ across systems and environments. Building
a system so inclusive that addresses all needs is difficult
if possible at all. On the other hand, forcing folks to build
a private version isn't the answer either.
Perhaps we could discuss the requirements for an API for a
security plug-in?
A model we might consider is Apache's configuration file. A
configuration specification (probably stored in a blob in a
system table) would define a meta-syntax and a means to
specify one or more security modules, each of which would
be responsible for handling of its tags.
Jim Starkey
>I rather like the idea of a "plug-in". Security requirements
>
>Ann Harrison wrote:
>>
>>
>> I'm not sure plug-ins are the right answer. Nor am I comfortable
>> with the "one login for all databases" philosophy.
>>
>I agree. BTW, what I ment by plugins was some fairly flexable way
>of letting some other service do/verify the authentication. Giving
>sites the option of using their whatever their single sign on
>system might be. Of course, you then have to worry about the security
>of your plug-in mechanism. I have no idea what the practicalities
>of the situation are. How do Oracle, MS etc do it ?
>
are going to differ across systems and environments. Building
a system so inclusive that addresses all needs is difficult
if possible at all. On the other hand, forcing folks to build
a private version isn't the answer either.
Perhaps we could discuss the requirements for an API for a
security plug-in?
A model we might consider is Apache's configuration file. A
configuration specification (probably stored in a blob in a
system table) would define a meta-syntax and a means to
specify one or more security modules, each of which would
be responsible for handling of its tags.
Jim Starkey