[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
[alf-dev] Re: Requirements for ALF SSON
|
For Secure Software, Inc. I generally agree with the statement. The key as
has been mentioned, is keeping the bar for entry low enough to attract
participants, while at the same time enabling them to use ALF to add value
to their products for vendors and integrate disparate tools more easily for
customers.
SSI is currently researching the Liberty project as a stable authentication
and authorization based solution that may be worthy of recommendation to
Eclipse as a separate sub-project. I do believe that ALF should remain
focused on the core value: providing tool interoperability at low risk and
low cost to all.
More information can be found on Project Liberty at www.projectliberty.org
Security management and all that goes with it are important, should be
required in some way to achieve some level of full compliance perhaps, but
must not be required to play in the ALF sandbox in my opinion.
"Kelly Shaw" <kshaw@xxxxxxxxxx> wrote in message
news:devkp6$g0k$1@xxxxxxxxxxxxxxxx...
> In our requirements meeting last week we decided that *requiring* an
> identity server such as LDAP was beyond the scope of ALF. It sets the
> entry
> bar too high for many products and may slow ALF adoption across the
> industry.
>
> We did say we would provide a Service Provider Interface where an identity
> server could be added to ALF. While I like this approach, I think our
> example implementation should probably include something like JOSSO or
> some
> other identity manager.
>
> Do I hear agreement or disagreement to this approach?
>
>
