Sunday, November 9, 2008

How to Set Up a System Property?

There is a huge difference between a system property and an environment variable. An environment variable has a global effect on the operating system, while a system property has a more local effect: it can differ from program to program. It is therefore a best practice to use a system property instead of an environment variable in your code. You can always ask the user to set the system property.

Running a program with a system property is done as follows.

java -Dapplication.home="c:/myapp" MyApplication.java

Tuesday, October 28, 2008

Wisdom of Crowd

Wisdom of Crowd is a book published by James Surowiecki. The story of how the internet has given its own face to the same theory can be found in this interesting video.

http://video.google.com/videoplay?docid=380058528391483877

Sunday, September 28, 2008

JSecurity

I went through the JSecurity quick start guide today. It is pretty cool software. It shares many features with WSO2 user manager. But at a glance I have to admit their architecture is more elegant.

Friday, September 26, 2008

Role vs Group

We've been discussing the difference between roles and groups, and I found the answer here [1].

So let me quote from [1]:

A frequently asked question is, What is the difference between roles and groups? "Groups of users as the unit of access control are commonly provided in many access control systems. A major difference between most implementations of groups and the concept of roles is that groups are typically treated as a collection of users and not as a collection of permissions. A role is both a collection of users on one side and a collection of permissions on the other. The role serves as an intermediary to bring these two collections together."

In some applications roles are a collection of permissions and groups are a collection of users. A group of users can have multiple roles assigned to it. There is a clear separation of concerns. If the user groups keep changing, then one has to keep creating user groups. If the permission lists keep changing, then one has to keep creating roles.

In some applications there is no concept of groups at all. The role contains both the users and a list of permissions. This type is clear but has the drawback of having to create a role each time either the user group membership changes or the permission list changes.

The observation from industry is that the permission list rarely changes. Hence Ravi S. Sandhu's way of defining roles will fit most application domains.
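
The two designs described above, side by side, as an added example that is not from the quoted paper or from any product mentioned here. All user, group, role and permission names are constructed, and `onboard` is a hypothetical helper that reports how many records each design touches when a user joins.

```python
from collections import defaultdict

class GroupRoleModel:
    """Groups collect users, roles collect permissions, roles are assigned to groups."""
    def __init__(self):
        self.group_users = defaultdict(set)   # group -> users
        self.group_roles = defaultdict(set)   # group -> roles
        self.role_perms = defaultdict(set)    # role -> permissions

    def permissions(self, user):
        perms = set()
        for group, users in self.group_users.items():
            if user in users:
                for role in self.group_roles[group]:
                    perms |= self.role_perms[role]
        return perms

class RoleOnlyModel:
    """No groups: a role holds users on one side and permissions on the other."""
    def __init__(self):
        self.role_users = defaultdict(set)    # role -> users
        self.role_perms = defaultdict(set)    # role -> permissions

    def permissions(self, user):
        perms = set()
        for role, users in self.role_users.items():
            if user in users:
                perms |= self.role_perms[role]
        return perms

def build_models():
    """Constructed sample data: the same access expressed in both designs."""
    g, r = GroupRoleModel(), RoleOnlyModel()
    perms = {"committer": {"repo:read", "repo:write"}, "releaser": {"build:publish"}}
    g.group_users["engineering"] = {"alice", "bob"}
    g.group_roles["engineering"] = set(perms)
    for role, p in perms.items():
        g.role_perms[role] = set(p)
        r.role_perms[role] = set(p)
        r.role_users[role] = {"alice", "bob"}
    return g, r

def onboard(g, r, user):
    """Give user the engineering access; return records touched per design."""
    g.group_users["engineering"].add(user)       # one group membership edit
    roles = list(r.role_users)                   # every role must be edited
    for role in roles:
        r.role_users[role].add(user)
    return 1, len(roles)
```

In the role-only design, removing a user means visiting every role they hold; missing one leaves that role's permissions in place, which is worth checking for during access reviews.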

[1] http://csrc.nist.gov/rbac/sandhu96.pdf

Thursday, September 18, 2008