Two comments inline.
Venkata Krishnan wrote:
Hi,
The policy framework implementation is underway. We have some basic things
in place which allows the inclusion of policy intents and policysets into an
assembly model. There is simply sample policy that we have put in place
along with the echo-binding-extension sample to test this basic framework.
This is a part of the recent 0.99 release.
We shall be very soon adding support for some security policies with our ws
bindings. So you must soon be able to see the basic authentication support
coming out thro the ws bindings. Other than this, adding audit logging
could be something we can try out for implementation policies support.
I have created the following JIRA for this work:
http://issues.apache.org/jira/browse/TUSCANY-1651
It should help people interested in the security policy track progress,
add comments, or if people are interested in helping out with this work,
attach tests or implementation code :)
I have targeted the JIRA for the Tuscany SCA-1.0 release, which I'd like
to get out in a few weeks.
Thanks.
- Venkat
On 8/30/07, Skip Schuler [EMAIL PROTECTED] wrote:
Hi,
I'm currently evaluating SCA and Tuscany. I really like much of what I've
seen so far, especially when experimenting with the assembly model and
different bindings. What I'd like to know more about is the policy
framework. I think the clear separation of concern that SCA promotes is a
killer, however I don't see any good resources or samples. I've checked
the documentation link on the Tuscany site, and I've tested with Tuscany
Java version 0.91..
So my questions are:
(1) Are there policies available for me and my services (to leverage and
test)? If so, which and how (guidelines)?
(2) A particular use case I have is to (a) reference a web service
protected
by basic authentication, and (b) add audit logging to certain services
(invocations). I was thinking these were candidates for policies, however
I'm not sure how to approach this... Thoughts?
Thanks.
An initial implementation of the Policy framework is available now, so
you should be able to develop your own logging/auditing policy extension
and plug it in the framework. The APIs to do that are still a little
rough I think but trying them will help everybody get what they want in
terms of policy, if you're interested.
To see how a policy is implemented see the Encryption sample policy
classes in java/sca/samples/binding-echo.
IMO a logging policy would make another good sample for an
implementation policy (i.e. a policy that you attach to a component
implementation).
--
Jean-Sebastien
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
