I am assigned a task to work on Portal based upon Portlet 2.0 that will be deployed on Tomcat using Jetspeed 2.2.1. However in future this must be deployable on other portlet servers like IBM WebSphere. In first step I have to work out the possible security model for the application. Major requirements for security:
- Based on some standard
- Easily portable to Websphere or other server
- Two step security model in which authentication is done on cooperate network (LDAP or domain controller for example) than authorizations will be controlled by portlet server
So security must not dependent or tightly coupled with Jetspeed specific features. My initial understanding user must exists in portlet server (Jetspeed on this case) to control the authorization stuff(who can access and what can do). What could be best way these server independent so that these can be ported easily to other servers. Or for each server we have to re-create user/groups/roles using sort of admin interface that server provides.