[Architecture] WS-Discovery: Server-side security for the Discovery proxy
Thilina Mahesh Buddhika
thilinab at wso2.com
Fri Feb 12 02:48:36 EST 2010
On Fri, Feb 12, 2010 at 10:51 AM, Hiranya Jayathilaka <hiranya at wso2.com> wrote:
>
>
> On Fri, Feb 12, 2010 at 10:37 AM, Tharindu Mathew <tharindu at wso2.com> wrote:
>
>>
>> On Fri, Feb 12, 2010 at 10:28 AM, Thilina Mahesh Buddhika <
>> thilinab at wso2.com> wrote:
>>
>>>
>>>
>>> On Fri, Feb 12, 2010 at 9:59 AM, Hiranya Jayathilaka <hiranya at wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Fri, Feb 12, 2010 at 9:35 AM, Thilina Mahesh Buddhika <
>>>> thilinab at wso2.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Thu, Feb 11, 2010 at 11:07 PM, Hiranya Jayathilaka <
>>>>> hiranya at wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Feb 11, 2010 at 10:37 PM, Tharindu Mathew <tharindu at wso2.com> wrote:
>>>>>>
>>>>>>> +1, Since this is also deployed as an Axis2 service the same code
>>>>>>> should work with some minor modifications.
>>>>>>>
>>>>>>
>>>>>> Actually we had an offline discussion with the security team regarding
>>>>>> this requirement.
>>>>>>
>>>>>> Tharindu, does the security model you have put in place allow the user
>>>>>> to specify a security policy for the service? If so, how is it done (through
>>>>>> UI or some other mechanism)?
>>>>>>
>>>>>
>>>>> In the Registry WS-API case, the policy is embedded in services.xml and
>>>>> the user is not given the flexibility of changing it. But users have the option
>>>>> of either using WS Security or HTTPS Basic Auth.
>>>>>
>>>>
>>>> I think we can adopt the same model for WS-D proxy. WS-D spec specifies
>>>> a recommended security policy for securing WS-D messages. We can use that as
>>>> the default policy in the services.xml and give the user the option to
>>>> enable/disable security as he likes.
>>>>
>>>
>>> +1.
>>>
>>> When the requirement is to have end-to-end security users can use
>>> WS-Security while using Basic Auth when performance is critical.
>>>
>> +1. Also the flexibility of editing the policy needed through UI should
>> be integrated to WS Registry. Is it going to be integrated in the case of
>> WS-Discovery?
>>
>
> Ideally we should do it. I'm currently working on the discovery management
> UI. Once that is done I can invest some time on implementing a management UI
> for the discovery proxy.
>
>
It would be easier to provide the option of configuring security in ESB,
since it already has the required components in place. But for G-Reg, there
would be some additional work involved. But offering this flexibility is
worth that effort.
Thanks.
/thilina
--
Thilina Mahesh Buddhika
WSO2 Inc. ; http://wso2.com
http://blog.thilinamb.com