Im working on next kbmMW version.
Im working on next kbmMW version.
It will include a new sophisticated authorization framework, which allow for defining actors (users), roles, and resources (real and virtual) and resource groups.
Authorizations are then granted or denied for an actor and/or a role on a resource. Constraints can be defined on an authorization (grant or deny) which for example limits the authorization to a specific day or time or range, communication via a specific transport or only from specific client nodes etc. Custom constraints can be defined.
Resources, roles and actors can be defined within code, or a database or from other external resources, of which an XML storage is directly supported.
And the best of it all, is that its dead easy to use and integrates directly with kbmMWs existing token based authorization scheme.
Further it supports defining internal users, which can not be used for logging on from an external client, and its also supported assuming another user identity within the business code in the server.
This way resources (services, functions or other stuff) are 100% protected against unauthorized calls from external users, while the server internally can assume a higher authorization allowing specific calls for specific purposes under full developer control.
What is also coming in the next version, is the ability to pause processing messages from queues, if the messages are below a certain priority level. This allows for having higher prioritized authorization of connectivity between nodes, without risking shipping older messages in the queue, before its 100% certain that authorization has been granted for shipping them.
There will be tons of updates and improvements in AJAX, JSON, XML, object marshalling, new progress and event framework and more.
Something to look forward to ;)
It will include a new sophisticated authorization framework, which allow for defining actors (users), roles, and resources (real and virtual) and resource groups.
Authorizations are then granted or denied for an actor and/or a role on a resource. Constraints can be defined on an authorization (grant or deny) which for example limits the authorization to a specific day or time or range, communication via a specific transport or only from specific client nodes etc. Custom constraints can be defined.
Resources, roles and actors can be defined within code, or a database or from other external resources, of which an XML storage is directly supported.
And the best of it all, is that its dead easy to use and integrates directly with kbmMWs existing token based authorization scheme.
Further it supports defining internal users, which can not be used for logging on from an external client, and its also supported assuming another user identity within the business code in the server.
This way resources (services, functions or other stuff) are 100% protected against unauthorized calls from external users, while the server internally can assume a higher authorization allowing specific calls for specific purposes under full developer control.
What is also coming in the next version, is the ability to pause processing messages from queues, if the messages are below a certain priority level. This allows for having higher prioritized authorization of connectivity between nodes, without risking shipping older messages in the queue, before its 100% certain that authorization has been granted for shipping them.
There will be tons of updates and improvements in AJAX, JSON, XML, object marshalling, new progress and event framework and more.
Something to look forward to ;)
Comments
Post a Comment