The Overlord project has some security related requirements that we need to work out.  There are currently several components that all need to be tied together in a sensible way from the point of the view of end users, including the following:

• BAM Gadget Server - a GWT based UI application
• S-RAMP Repository - a Service Repository accessed via a REST Atom API
• S-RAMP Browser - a JBoss Errai based UI application used to browse an S-RAMP repository (must access the S-RAMP repository via the Atom API)

The following are a list of requirements for these three components:

• Require some type of web application user authentication when accessing the Gadget Server or S-RAMP Browser
• Require BASIC authentication when accessing the S-RAMP repository via its Atom API
• If the user has logged in to the BAM Gadget Server, they do not need to re-authenticate when switching to the S-RAMP Browser (SSO)
• When a user is logged in to the S-RAMP Browser, it will talk to the S-RAMP repository as that user (or on behalf of that user)
• Authenticated users are given a set of Roles/Permissions which grants the ability to perform fine grained functions within the UI applications

I think we are currently looking for some guidance/best-practices/ideas about what technologies we can/should be using to address these requirements.