On 12/22/05, Paul Fremantle <pzfreo@gmail.com> wrote:
Saminda

One use case I imagine for Synapse is to handle multiple different security configurations. I don't believe we should do the security as an AAR.

Axis2  level if  we  want  to have security functionality we  need  need to have a aar. I don't know whether we can have this functionality as a jar

1) I think we should differentiate between different security models. WSS4J is just one potential model, so we should name the tag <engage-wss>. Probably we need different tags:
<engage-wss-auth-check>
<engage-wss-auth-add>
<engage-wss-sign-check>
<engage-wss-sign-add>
<engage-wss-encrypt>
<engage-wss-decrypt>

+1

2) I think the config should be possible to be "inline". We need a way of separating out config files - maybe a way of using reference to point to another file or even a repository, but it should be possible to have two different security configurations and the simplest way seems to me to have the config info as children of the tag.

3) we should make the WSS4J support into a JAR and use the SynapseExtension support (same with Sandesha), so that we don't have a huge set of dependencies on the main download.

Paul



On 12/19/05, Saminda Abeyruwan <samindaa@gmail.com> wrote:


On 12/19/05, Mukund Balasubramanian < mukund@infravio.com> wrote:
Where does the remaining configuration go?

Into axis config?

Part of the configuration has to be handled by the SecurityProcessor.process() method. This method handles the configurations, which is present in Axis2.xml.

The resources such as "information on key store", "PWCallback" and other properties has to go into synapse_security.aar.

{The programming model is somewhat close to AddressingInProcessor}

Saminda

My primary question is the interaction model between synapse xml and axis xml.

Mukund Balasubramanian




-----Original Message-----
From: Saminda Abeyruwan <samindaa@gmail.com >
To: synapse-dev@ws.apache.org <synapse-dev@ws.apache.org>
Sent: Mon Dec 19 17:08:38 2005
Subject: Security as a QOS

Hi all,

Axis2 comes with Security. As a first step towards building QOS for Synapse, we can use the Axis2's security implementation.

The big picture is as follows, when synpase.xml has the following structure {minimum}

<stage name="security">
<engage-security/>
</stage>

will allow the Synapse to work with security.

Rule author might come with a rule like

<stage name="rule_set">
<engage-security/>
<engage-addressing-in/>
<log/>
<send/>
</stage>

The implementation process requires SecuirtyProcessor and SecurityProcessorConfigurator.

I would like to give it a try and implement this for Synapse.

Thoughts ?

Saminda





---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-dev-help@ws.apache.org





--
Paul Fremantle
VP/Technology, WSO2 and OASIS WS-RX TC Co-chair

http://bloglines.com/blog/paulfremantle
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com