From: <tom...@jb...> - 2005-05-20 10:41:42
could i do something useful with security in jBPM? this is a philosophical jBPM question rather than a jboss question, but i would appreciate the opinion of the jboss experts on this.

authentication: this is outside the scope of jBPM to do the authentication. the environment needs to do the authentication and pass the authenticated user information to jBPM. passing that information can be done via the jBPM API.

authorization: there are definitely process related authorization constraints. E.g. the 'payraise process' can only be started by 'managers'. But jBPM can never include a generic mechanism for authorization constraints because

1) the organisation model is different in every organisation (it's pluggable in jBPM)
2) the authorization rules are expressed in terms of the organisation model
3) the authorization rules themselves are also different from organisation to organisation.

So we cannot include authorization into jBPM unless we freeze the organisation model and the format for authorization rules. that does not seem like a good idea to me.

any advice or twist of mind is welcome.

regards, tom.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878534#3878534
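
Added example, not part of the original post and not jBPM code: a sketch of the split the post describes, where the environment hands the engine an already-authenticated user and the organisation model and the authorization rules both live in a plug-in behind a single decision hook. Every class, interface and method name here is hypothetical, and the user and group data is constructed.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;

// Hypothetical names throughout; none of this is jBPM API.
public class PluggableAuthzExample {

    /** The only contract the engine defines: a yes/no decision hook. */
    interface AuthorizationService {
        boolean mayStart(Principal user, String processName);
    }

    /** One organisation's plug-in: its own model and its own rules. */
    static class GroupBasedAuthorization implements AuthorizationService {
        private final Map<String, Set<String>> groupsByUser;      // organisation model
        private final Map<String, String> requiredGroupByProcess; // authorization rules

        GroupBasedAuthorization(Map<String, Set<String>> groupsByUser,
                                Map<String, String> requiredGroupByProcess) {
            this.groupsByUser = groupsByUser;
            this.requiredGroupByProcess = requiredGroupByProcess;
        }

        public boolean mayStart(Principal user, String processName) {
            String required = requiredGroupByProcess.get(processName);
            if (required == null) return false; // no rule for this process: deny by default
            return groupsByUser.getOrDefault(user.getName(), Set.of()).contains(required);
        }
    }

    /** Engine side: never authenticates, only asks the plug-in before acting. */
    static class Engine {
        private final AuthorizationService authz;
        Engine(AuthorizationService authz) { this.authz = authz; }

        String startProcess(Principal authenticatedUser, String processName) {
            if (!authz.mayStart(authenticatedUser, processName)) {
                throw new SecurityException(
                    authenticatedUser.getName() + " may not start " + processName);
            }
            return processName + " started by " + authenticatedUser.getName();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data for one organisation.
        Engine engine = new Engine(new GroupBasedAuthorization(
            Map.of("alice", Set.of("managers"), "bob", Set.of("engineers")),
            Map.of("payraise process", "managers")));
        System.out.println(engine.startProcess(() -> "alice", "payraise process"));
        try {
            engine.startProcess(() -> "bob", "payraise process");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```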