synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Fremantle <pzf...@gmail.com>
Subject Re: Security as a QOS
Date Thu, 22 Dec 2005 09:35:40 GMT
Saminda

One use case I imagine for Synapse is to handle multiple different security
configurations. I don't believe we should do the security as an AAR.

1) I think we should differentiate between different security models. WSS4J
is just one potential model, so we should name the tag <engage-wss>.
Probably we need different tags:
<engage-wss-auth-check>
<engage-wss-auth-add>
<engage-wss-sign-check>
<engage-wss-sign-add>
<engage-wss-encrypt>
<engage-wss-decrypt>

2) I think the config should be possible to be "inline". We need a way of
separating out config files - maybe a way of using reference to point to
another file or even a repository, but it should be possible to have two
different security configurations and the simplest way seems to me to have
the config info as children of the tag.

3) we should make the WSS4J support into a JAR and use the SynapseExtension
support (same with Sandesha), so that we don't have a huge set of
dependencies on the main download.

Paul


On 12/19/05, Saminda Abeyruwan <samindaa@gmail.com> wrote:
>
>
>
> On 12/19/05, Mukund Balasubramanian <mukund@infravio.com> wrote:
> >
> > Where does the remaining configuration go?
> >
> > Into axis config?
>
>
> Part of the configuration has to be handled by the
> SecurityProcessor.process() method. This method handles the
> configurations, which is present in Axis2.xml.
>
> The resources such as "information on key store", "PWCallback" and other
> properties has to go into synapse_security.aar.
>
> {The programming model is somewhat close to AddressingInProcessor}
>
> Saminda
>
> My primary question is the interaction model between synapse xml and axis
> > xml.
> >
> > Mukund Balasubramanian
> >
> >
> >
> >
> > -----Original Message-----
> > From: Saminda Abeyruwan <samindaa@gmail.com>
> > To: synapse-dev@ws.apache.org <synapse-dev@ws.apache.org>
> > Sent: Mon Dec 19 17:08:38 2005
> > Subject: Security as a QOS
> >
> > Hi all,
> >
> > Axis2 comes with Security. As a first step towards building QOS for
> > Synapse, we can use the Axis2's security implementation.
> >
> > The big picture is as follows, when synpase.xml has the following
> > structure {minimum}
> >
> > <stage name="security">
> > <engage-security/>
> > </stage>
> >
> > will allow the Synapse to work with security.
> >
> > Rule author might come with a rule like
> >
> > <stage name="rule_set">
> > <engage-security/>
> > <engage-addressing-in/>
> > <log/>
> > <send/>
> > </stage>
> >
> > The implementation process requires SecuirtyProcessor and
> > SecurityProcessorConfigurator.
> >
> > I would like to give it a try and implement this for Synapse.
> >
> > Thoughts ?
> >
> > Saminda
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: synapse-dev-help@ws.apache.org
> >
> >
>


--
Paul Fremantle
VP/Technology, WSO2 and OASIS WS-RX TC Co-chair

http://bloglines.com/blog/paulfremantle
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

Mime
View raw message