[Architecture] WS-Discovery: Server-side security for the Discovery proxy
Hiranya Jayathilaka
hiranya at wso2.com
Fri Feb 12 00:21:08 EST 2010
On Fri, Feb 12, 2010 at 10:37 AM, Tharindu Mathew <tharindu at wso2.com> wrote:
>
> On Fri, Feb 12, 2010 at 10:28 AM, Thilina Mahesh Buddhika <
> thilinab at wso2.com> wrote:
>
>>
>>
>> On Fri, Feb 12, 2010 at 9:59 AM, Hiranya Jayathilaka <hiranya at wso2.com>wrote:
>>
>>>
>>>
>>> On Fri, Feb 12, 2010 at 9:35 AM, Thilina Mahesh Buddhika <
>>> thilinab at wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Thu, Feb 11, 2010 at 11:07 PM, Hiranya Jayathilaka <hiranya at wso2.com
>>>> > wrote:
>>>>
>>>>>
>>>>>
>>>>> On Thu, Feb 11, 2010 at 10:37 PM, Tharindu Mathew <tharindu at wso2.com>wrote:
>>>>>
>>>>>> +1, Since this is also deployed as an Axis2 service the same code
>>>>>> should work with some minor modifications.
>>>>>>
>>>>>
>>>>> Actually we had an offline discussion with the security team regarding
>>>>> this requirement.
>>>>>
>>>>> Tharindu, does the security model you have put in place allow the user
>>>>> to specify a security policy for the service? If so how is it done (through
>>>>> UI or some other mechanism)?
>>>>>
>>>>
>>>> In Registry WS-API case, the policy is embedded in services.xml and user
>>>> is not given the flexibility of changing it. But users have the option of
>>>> either using WS Security or HTTPS Basic Auth.
>>>>
>>>
>>> I think we can adopt the same model for WS-D proxy. WS-D spec specifies a
>>> recommended security policy for securing WS-D messages. We can use that as
>>> the default policy in the services.xml and give the user the option to
>>> enable/disable security as he likes.
>>>
>>
>> +1.
>>
>> When the requirement is to have end-to-end security users can use
>> WS-Security while using Basic Auth when performance is critical.
>>
>> +1 . Also the flexibility of editing the policy needed through UI should
> be integrated to WS Registry. Is it going to be integrated in the case of
> WS-Discovery?
>
Ideally we should do it. I'm currently working on the discovery management
UI. Once that is done I can invest sometime on implementing a management UI
for the discovery proxy.
Thanks,
Hiranya
>
> Thanks.
>> /thilina
>>
>>>
>>> Thanks,
>>> Hiranya
>>>
>>>
>>>>
>>>> Thanks.
>>>> /thilina
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> Hiranya
>>>>>
>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Tharindu
>>>>>>
>>>>>>
>>>>>> On Thu, Feb 11, 2010 at 10:33 PM, Senaka Fernando <senaka at wso2.com>wrote:
>>>>>>
>>>>>>> Hi Hiranya,
>>>>>>>
>>>>>>> Now that an initial working version of the WS-Discovery proxy has
>>>>>>> been done, I believe that we need to focus into the security aspects for the
>>>>>>> next. IMHO, we need to follow a model similar to what Tharindu has in place
>>>>>>> for the Registry WS-API, for the security of the WS-Discovery proxy. If it
>>>>>>> is possible to make use of the same code, that would be ideal. WDYT?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Senaka.
>>>>>>>
>>>>>>> --
>>>>>>> Senaka Fernando
>>>>>>> Software Engineer
>>>>>>> WSO2 Inc.
>>>>>>> E-mail: senaka AT wso2.com; Mobile: +94 77 322 1818
>>>>>>>
>>>>>>> http://www.wso2.com/ - "Lean . Enterprise . Middleware"
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> Architecture at wso2.org
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> Architecture at wso2.org
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Hiranya Jayathilaka
>>>>> Software Engineer;
>>>>> WSO2 Inc.; http://wso2.org
>>>>> E-mail: hiranya at wso2.com; Mobile: +94 77 633 3491
>>>>> Blog: http://techfeast-hiranya.blogspot.com
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> Architecture at wso2.org
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thilina Mahesh Buddhika
>>>> WSO2 Inc. ; http://wso2.com
>>>> http://blog.thilinamb.com
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture at wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Hiranya Jayathilaka
>>> Software Engineer;
>>> WSO2 Inc.; http://wso2.org
>>> E-mail: hiranya at wso2.com; Mobile: +94 77 633 3491
>>> Blog: http://techfeast-hiranya.blogspot.com
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture at wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Thilina Mahesh Buddhika
>> WSO2 Inc. ; http://wso2.com
>> http://blog.thilinamb.com
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture at wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
> _______________________________________________
> Architecture mailing list
> Architecture at wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
--
Hiranya Jayathilaka
Software Engineer;
WSO2 Inc.; http://wso2.org
E-mail: hiranya at wso2.com; Mobile: +94 77 633 3491
Blog: http://techfeast-hiranya.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.wso2.org/pipermail/architecture/attachments/20100212/b30e26ba/attachment.html>
More information about the Architecture
mailing list