[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[alf-dev] Re: Requirements for ALF SSON

For Secure Software, Inc. I generally agree with the statement. The key as 
has been mentioned, is keeping the bar for entry low enough to attract 
participants, while at the same time enabling them to use ALF to add value 
to their products for vendors and integrate disparate tools more easily for 
customers.

SSI is currently researching the Liberty project as a stable authentication 
and authorization based solution that may be worthy of recommendation to 
Eclipse as a separate sub-project. I do believe that ALF should remain 
focused on the core value: providing tool interoperability at low risk and 
low cost to all.

More information can be found on Project Liberty at www.projectliberty.org

Security management and all that goes with it are important, should be 
required in some way to achieve some level of full compliance perhaps, but 
must not be required to play in the ALF sandbox in my opinion.

"Kelly Shaw" <kshaw@xxxxxxxxxx> wrote in message 
news:devkp6$g0k$1@xxxxxxxxxxxxxxxxxxx
> In our requirements meeting last week we decided that *requiring* an
> identity server such as LDAP was beyond the scope of ALF. It sets the 
> entry
> bar too high for many products and may slow ALF adoption across the
> industry.
>
> We did say we would provide a Service Provider Interface where an identity
> server could be added to ALF. While I like this approach, I think our
> example implementation should probably include something like JOSSO or 
> some
> other identity manager.
>
> Do I hear agreement or disagreement to this approach?
>
>