[Exist-development] security refactoring

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello,

I want to add new accounts: 

 - 'system account' (id = 0, dba group), it will be use by system only.
It will be useful as owner of the /system resources, so it will be never
modified by anybody, only by system it self (throw special functions);

 - 'nobody' (id = -1, guest group), the use didn't offer himself. This
account can't be used as resource owner.

Next in my plan (next two weeks):

 - change the major version number of the security subsystem;

 - add collection /system/security, it will be use for setting, accounts
and roles information;

 - use collections: /system/security/( internal, openid, ldap,
activeDirectory) & etc, one per realm, other words each realm will have 
separate collection. 

 - each realm's collection will have subcollection: role (or should I
use 'group' as name?), user & file: settings.xml (I'll implement runtime
reconfiguration)

 - each group or user will be at single file.

(I will put converter to transform old structure to new one)

Any comments?

-- 
Cheers,

Dmitriy Shabanov

[Exist-development] security refactoring

eXist-db is a feature rich Open Source native XML database

[Exist-development] security refactoring