[29226] in Kerberos
Re: Kerberized authorization service
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Feb 11 13:28:55 2008
To: kerberos@mit.edu
In-Reply-To: <9712.1202753486@malison.ait.iastate.edu> (John Hascall's message
of "Mon\, 11 Feb 2008 12\:11\:26 CST")
From: Russ Allbery <rra@stanford.edu>
Date: Mon, 11 Feb 2008 10:27:22 -0800
Message-ID: <87skzzl56d.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
John Hascall <john@iastate.edu> writes:
> Russ Allbery <rra@stanford.edu> writes:
>> Stanford currently very much loses on this, in a wide variety of ways.
>> We really only have one authorization system that copes correctly with
>> role status changes (provided that it's used properly), and it only
>> knows how to talk to the financial system and isn't (currently) usable
>> as a general authorization solution. There is some active work in the
>> Internet2 arena on this, but not to the point where I think people are
>> deploying it.
>
> The problem with the Internet2's work in this area
> (i.e., Signet and Grouper) is that
> they seem like they've never met a problem
> that they didn't think the answer to it was:
>
> while (problem) {
> Throw the most complicated XML and Java possible at it.
> }
>
> (And they forgot to catch deathByBloatAndComplexityException)
Yeah, I should probably not get started on that. (Signet is essentially
the next generation of Authority Manager, which is the above-mentioned
application that talks to the financial system.)
Our middleware group is very fond of Java and XML.
I'm, er, not so much. (Although XML does have its place.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
