First, I apologize if this is off-topic. These lists seemed to be the closest to containing the people that would have knowledge of what I am looking for. I am currently working on a project in which we are starting to look at integrating authentication/authorization technologies into it. I am hoping that the folks on this list may have some thoughts on products available which may help us decide whether we can purchase the technology or need to build it ourselves. The requirements are as follows: - Multi-platform (various UNIX flavors + Windows) - Multiple authentication types (passwords, certs, tokens, etc) - Support LDAP, Kerberos, NT domains for authentication - Policy management of resources (ACLs on objects that we define, not just webpages/files) - API access to authentication/authorization mechanisms (Java is a plus) - GUI based management of ACLs/policies is a plus - Not tied to working with web-based application only I know that JAAS has the capabilities to do many of these things. However, its current incarnation provides the initial infrastructure and not a polished implementation. For example, its login modules appear to be more of samples than useful components - especially the NT login module. The management of the permissions (policy files) is also not very user-friendly. Products such as Netegrity Siteminder also have many of these features, but has much more to it than just the authentication/authorization pieces we are looking for. Something like this may be a possibility, but we'd prefer something where we can take just the pieces we need. Some portal/application server products (Websphere, etc) also have these types of features. However, we don't want to be tied to a particular application server. Please reply to me directly. I will post a summary for everyone else's benefit if there is interest. Thanks.
This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 13:20:13 PDT