[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[equinox-dev] authentication vs authorization

I think I speak for a number of folks when I make the assertion that we would like to see both authentication and authorization added to the 3.2 release of the platform. This is particularly true for projects like ECF, where having some way to authenticate the local user and get access to secure credentials for accessing remote accounts is very important. Of course, in the long term it's also important that there be some way to secure access to runtime bundles...and run potentially untrusted code (at least not completely trusted code).

There is, I think, a real need for the emerging RCP app development community to have at least a first cut authentication/login security in Eclipse 3.2. Although I think it would be terrirfic to have a general solution for authorization as well in that timeframe, I think authorization is more clearly more important for most app developers...as I think it would be a serious problem for app developers using RCP to have to wait beyond 3.2 for *both* authentication and authorization.

Why? Well, I suspect that many app developers will need to either a) begin implementing their own authentication approaches in order to create/build their apps; or b) not use RCP at all as the basis of their applications. Obviously, neither a nor b are desireable from the point of view of broadening equinox's usage in the app developer community.

So, enough speech making...I just wanted to convey to people what I perceive as at least one serious need for equinox in the 3.2 timeframe. I know all of you are aware of that need, so I suppose I just wanted to make it clearer from the point of view of app developers that would like to use equinox as the basis of new, secure, non-IDE applications.

Thanks for listening,

Scott