This topic has not yet been written. The content below is from the topic description.
https://docspace.corp.redhat.com/docs/DOC-60806 secure management API needs to exist before servers are spun up affects how administrators as well as hosts connect to domain controller configuration walkthrough: - primarily in domain.xml, can have host-specific overrides (previously management APIs) defines interfaces exposed on instance; host.xml realm attribute cross-references with security realm http interface - for the admin console (Heiko Braun) native interface - Alessio Soldano realm requires: server id (cert for http, kerberos id - server name and keytab name attributes), authentication how to connect to backend user stores; option to delegate to domain controller; connection to user.properties file; connection to database - links to - may need to redefine datasources and ldap here, because servers will not exist to access for this info when this is being used connection to ldap integration with pre-existing JAAS login modules (Anil or Marcus) authorization connections - mentioned above authorization control - access control lists and roles not necessarily in 6.0.0 supported/planned transports: http://community.jboss.org/docs/DOC-16587 digest is preferred, since password is never sent to server gssapi/spnego provide kerberos support, requires additional authentication for admin console client certs use external SASL; client and server negotiate an SSL connection security tokens are a possibility, but involves a lot of overhead, time-wise; can bypass by trusting the domain controller's signature avoid plain/basic where possible host controller needs to authenticate when it connects to the domain controller individual hosts will establish SSL connection to domain controller digest or basic could also be supported where people need to manipulate the domain config docs requirements: what each transport mechanism allows users to do what each transport mechanism requires give use cases, or some basis for making a decision about security realms example configurations would be handy