synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vikas" <>
Subject Re: Security as a QOS
Date Sat, 22 Dec 2001 12:45:07 GMT
Hi everyone,

Was just wondering:
If security is offered as an axis2 service (i.e. an aar) it could be called for any particular
service[that is being mediated] by putting the <serviceMediator>  tag after a regex
or xpath evaluation checking for that service..

If it is used like addressing(ie a module/mar) and engaged at a global level, we could never
turn it off.
[I think, Axis2 does not allow dis-engaging of modules]

So we would force all the services being mediated to flow through a security module ?

Am i missing something or thinking aloud?


Imagine xmethods-delayed-stockQuotes and New-York stock exchange' s stock quote services being
mediated by Synapse, the former would not ask for security whereas the latter maight just
be paranoid and ask for a security arrangement to be in place.
If security is a service(aar), we treat it like a mediator and say
    <regex message-address="to" pattern="http://new-yorkStockExchange.*">
        <servicemediator name="securityForNYSE" service="security"/>

  ----- Original Message ----- 
  From: Paul Fremantle 
  Sent: Thursday, December 22, 2005 6:06 PM
  Subject: Re: Security as a QOS

  What I assumed is that to enable security you would add the following things to your install:

  * WSS4J-Snapshot
  * security.mar
  * synapse-wss.jar

  Together these would add the tags to the synapse install. I don't see why it has to be an
AAR. Can't we do the same trick as with Addressing and engage security on the emptymediator?


  On 12/22/05, Saminda Abeyruwan <> wrote:
    On 12/22/05, Paul Fremantle <> wrote: 

      One use case I imagine for Synapse is to handle multiple different security configurations.
I don't believe we should do the security as an AAR. 

    Axis2  level if  we  want  to have security functionality we  need  need to have a aar.
I don't know whether we can have this functionality as a jar

      1) I think we should differentiate between different security models. WSS4J is just
one potential model, so we should name the tag <engage-wss>. Probably we need different


      2) I think the config should be possible to be "inline". We need a way of separating
out config files - maybe a way of using reference to point to another file or even a repository,
but it should be possible to have two different security configurations and the simplest way
seems to me to have the config info as children of the tag. 

      3) we should make the WSS4J support into a JAR and use the SynapseExtension support
(same with Sandesha), so that we don't have a huge set of dependencies on the main download.


      On 12/19/05, Saminda Abeyruwan <> wrote:

        On 12/19/05, Mukund Balasubramanian <> wrote:
          Where does the remaining configuration go?

          Into axis config?

        Part of the configuration has to be handled by the SecurityProcessor.process() method.
This method handles the configurations, which is present in Axis2.xml. 

        The resources such as "information on key store", "PWCallback" and other properties
has to go into synapse_security.aar. 

        {The programming model is somewhat close to AddressingInProcessor}


          My primary question is the interaction model between synapse xml and axis xml. 

          Mukund Balasubramanian

          -----Original Message-----
          From: Saminda Abeyruwan < >
          To: <>
          Sent: Mon Dec 19 17:08:38 2005
          Subject: Security as a QOS 

          Hi all,

          Axis2 comes with Security. As a first step towards building QOS for Synapse, we
can use the Axis2's security implementation. 

          The big picture is as follows, when synpase.xml has the following structure {minimum}

          <stage name="security">

          will allow the Synapse to work with security. 

          Rule author might come with a rule like

          <stage name="rule_set">

          The implementation process requires SecuirtyProcessor and SecurityProcessorConfigurator.

          I would like to give it a try and implement this for Synapse.

          Thoughts ?


          To unsubscribe, e-mail:
          For additional commands, e-mail:

      Paul Fremantle
      VP/Technology, WSO2 and OASIS WS-RX TC Co-chair

      "Oxygenating the Web Service Platform",

  Paul Fremantle
  VP/Technology, WSO2 and OASIS WS-RX TC Co-chair

  "Oxygenating the Web Service Platform",

View raw message