synapse-dev mailing list archives

From "Vikas" <vi...@infravio.com>
Subject Re: Security as a QOS
Date Sat, 22 Dec 2001 12:45:07 GMT
Hi everyone,

Was just wondering:
If security is offered as an axis2 service (i.e. an aar), it could be called for any particular
service [that is being mediated] by putting the <serviceMediator> tag after a regex
or xpath evaluation checking for that service.

If it is used like addressing (i.e. a module/mar) and engaged at a global level, we could never
turn it off.
[I think Axis2 does not allow dis-engaging of modules.]

So we would force all the services being mediated to flow through a security module?

Am I missing something or thinking aloud?

Thanks,
~Vikas.

ps:
Imagine xmethods-delayed-stockQuotes and New-York stock exchange's stock quote services being
mediated by Synapse; the former would not ask for security, whereas the latter might just
be paranoid and ask for a security arrangement to be in place.
If security is a service (aar), we treat it like a mediator and say
    <regex message-address="to" pattern="http://new-yorkStockExchange.*">
        <servicemediator name="securityForNYSE" service="security"/>
    </regex>







  ----- Original Message ----- 
  From: Paul Fremantle 
  To: synapse-dev@ws.apache.org 
  Sent: Thursday, December 22, 2005 6:06 PM
  Subject: Re: Security as a QOS


  What I assumed is that to enable security you would add the following things to your install:

  * WSS4J-Snapshot
  * security.mar
  * synapse-wss.jar

  Together these would add the tags to the synapse install. I don't see why it has to be an
  AAR. Can't we do the same trick as with Addressing and engage security on the emptymediator?


  Paul


  On 12/22/05, Saminda Abeyruwan <samindaa@gmail.com> wrote:
    On 12/22/05, Paul Fremantle <pzfreo@gmail.com> wrote: 
      Saminda

      One use case I imagine for Synapse is to handle multiple different security configurations.
      I don't believe we should do the security as an AAR.

    At the Axis2 level, if we want to have security functionality we need to have an aar.
    I don't know whether we can have this functionality as a jar.



      1) I think we should differentiate between different security models. WSS4J is just
      one potential model, so we should name the tag <engage-wss>. Probably we need different
      tags:
      <engage-wss-auth-check>
      <engage-wss-auth-add>
      <engage-wss-sign-check> 
      <engage-wss-sign-add>
      <engage-wss-encrypt>
      <engage-wss-decrypt>

    +1 



      2) I think the config should be possible to be "inline". We need a way of separating
      out config files - maybe a way of using reference to point to another file or even a repository,
      but it should be possible to have two different security configurations and the simplest way
      seems to me to have the config info as children of the tag.

      3) we should make the WSS4J support into a JAR and use the SynapseExtension support
      (same with Sandesha), so that we don't have a huge set of dependencies on the main download.

      Paul




      On 12/19/05, Saminda Abeyruwan <samindaa@gmail.com> wrote:



        On 12/19/05, Mukund Balasubramanian < mukund@infravio.com> wrote:
          Where does the remaining configuration go?

          Into axis config?

        Part of the configuration has to be handled by the SecurityProcessor.process() method.
        This method handles the configurations, which are present in Axis2.xml.

        The resources such as "information on key store", "PWCallback" and other properties
        have to go into synapse_security.aar.

        {The programming model is somewhat close to AddressingInProcessor}

        Saminda



          My primary question is the interaction model between synapse xml and axis xml. 

          Mukund Balasubramanian




          -----Original Message-----
          From: Saminda Abeyruwan <samindaa@gmail.com >
          To: synapse-dev@ws.apache.org <synapse-dev@ws.apache.org>
          Sent: Mon Dec 19 17:08:38 2005
          Subject: Security as a QOS 

          Hi all,

          Axis2 comes with Security. As a first step towards building QOS for Synapse, we
          can use Axis2's security implementation.

          The big picture is as follows, when synapse.xml has the following structure {minimum}

          <stage name="security">
          <engage-security/>
          </stage>

          will allow the Synapse to work with security. 

          Rule author might come with a rule like

          <stage name="rule_set">
          <engage-security/>
          <engage-addressing-in/>
          <log/>
          <send/>
          </stage>

          The implementation process requires SecurityProcessor and SecurityProcessorConfigurator.


          I would like to give it a try and implement this for Synapse.

          Thoughts ?

          Saminda













      -- 
      Paul Fremantle
      VP/Technology, WSO2 and OASIS WS-RX TC Co-chair

      http://bloglines.com/blog/paulfremantle
      paul@wso2.com

      "Oxygenating the Web Service Platform", www.wso2.com






