synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saminda Abeyruwan <samin...@gmail.com>
Subject Re: Security as a QOS
Date Thu, 22 Dec 2005 13:37:31 GMT
On 12/22/05, Paul Fremantle <pzfreo@gmail.com> wrote:
>
> What I assumed is that to enable security you would add the following
> things to your install:
>
> * WSS4J-Snapshot
> * security.mar
> * synapse-wss.jar


These components come by default. :)  And has lot more to configure. What
I'm implementing is half done, Will finish it asap.

Together these would add the tags to the synapse install. I don't see why it
> has to be an AAR. Can't we do the same trick as with Addressing and engage
> security on the emptymediator?


I like the sound of  it.  Will work on it.

Paul
>
> On 12/22/05, Saminda Abeyruwan <samindaa@gmail.com> wrote:
> >
> > On 12/22/05, Paul Fremantle <pzfreo@gmail.com> wrote:
> > >
> > > Saminda
> > >
> > > One use case I imagine for Synapse is to handle multiple different
> > > security configurations. I don't believe we should do the security as an
> > > AAR.
> >
> >
> > Axis2  level if  we  want  to have security functionality we  need  need
> > to have a aar. I don't know whether we can have this functionality as a jar
> >
> > 1) I think we should differentiate between different security models.
> > > WSS4J is just one potential model, so we should name the tag <engage-wss>.
> > > Probably we need different tags:
> > > <engage-wss-auth-check>
> > > <engage-wss-auth-add>
> > > <engage-wss-sign-check>
> > > <engage-wss-sign-add>
> > > <engage-wss-encrypt>
> > > <engage-wss-decrypt>
> >
> >
> > +1
> >
> > 2) I think the config should be possible to be "inline". We need a way
> > > of separating out config files - maybe a way of using reference to point to
> > > another file or even a repository, but it should be possible to have two
> > > different security configurations and the simplest way seems to me to have
> > > the config info as children of the tag.
> > >
> > > 3) we should make the WSS4J support into a JAR and use the
> > > SynapseExtension support (same with Sandesha), so that we don't have a huge
> > > set of dependencies on the main download.
> > >
> > > Paul
> > >
> > >
> > > On 12/19/05, Saminda Abeyruwan <samindaa@gmail.com> wrote:
> > > >
> > > >
> > > >
> > > > On 12/19/05, Mukund Balasubramanian < mukund@infravio.com> wrote:
> > > > >
> > > > > Where does the remaining configuration go?
> > > > >
> > > > > Into axis config?
> > > >
> > > >
> > > > Part of the configuration has to be handled by the
> > > > SecurityProcessor.process() method. This method handles the
> > > > configurations, which is present in Axis2.xml.
> > > >
> > > > The resources such as "information on key store", "PWCallback" and
> > > > other properties has to go into synapse_security.aar.
> > > >
> > > > {The programming model is somewhat close to AddressingInProcessor}
> > > >
> > > > Saminda
> > > >
> > > > My primary question is the interaction model between synapse xml and
> > > > > axis xml.
> > > > >
> > > > > Mukund Balasubramanian
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Saminda Abeyruwan <samindaa@gmail.com >
> > > > > To: synapse-dev@ws.apache.org <synapse-dev@ws.apache.org>
> > > > > Sent: Mon Dec 19 17:08:38 2005
> > > > > Subject: Security as a QOS
> > > > >
> > > > > Hi all,
> > > > >
> > > > > Axis2 comes with Security. As a first step towards building QOS
> > > > > for Synapse, we can use the Axis2's security implementation.
> > > > >
> > > > > The big picture is as follows, when synpase.xml has the following
> > > > > structure {minimum}
> > > > >
> > > > > <stage name="security">
> > > > > <engage-security/>
> > > > > </stage>
> > > > >
> > > > > will allow the Synapse to work with security.
> > > > >
> > > > > Rule author might come with a rule like
> > > > >
> > > > > <stage name="rule_set">
> > > > > <engage-security/>
> > > > > <engage-addressing-in/>
> > > > > <log/>
> > > > > <send/>
> > > > > </stage>
> > > > >
> > > > > The implementation process requires SecuirtyProcessor and
> > > > > SecurityProcessorConfigurator.
> > > > >
> > > > > I would like to give it a try and implement this for Synapse.
> > > > >
> > > > > Thoughts ?
> > > > >
> > > > > Saminda
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
> > > > > For additional commands, e-mail: synapse-dev-help@ws.apache.org
> > > > >
> > > > >
> > > >
> > >
> > >
> > > --
> > > Paul Fremantle
> > > VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> > >
> > > http://bloglines.com/blog/paulfremantle
> > > paul@wso2.com
> > >
> > > "Oxygenating the Web Service Platform", www.wso2.com
> > >
> >
> >
>
>
> --
> Paul Fremantle
> VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
>
> http://bloglines.com/blog/paulfremantle
> paul@wso2.com
>
> "Oxygenating the Web Service Platform", www.wso2.com
>

Mime
View raw message