Jump to: navigation, search

E4/Security

< E4

Sessions, Role-based Access and Security

  • From Architecture Council/Minutes May 15 2008#Sessions, Role-based Access and Security:
    • For role-based hiding of UI elements, Capabilities got better in 3.4
    • For role-based denial of services in non-UI, need some basic concepts ("user", "role", "session") - coarse grained, not necessarily using Java Security
    • Mapping Roles onto Sessions seems the right thing
    • We should consider 'user' as a first class entity in Eclipse. We know we'll need something akin for multi user/session management for web based Eclipse. A first class user notion would allow us to hang the roles off something, and might make it cleaner to extend capabilities. --KevinM