Hi all, Currently most security stuff handled at rampart level (except OAuth and XACML which is done via mediators). Even for http basic auth, we converts those to WS-Sec headers and validate via rampart which is really expensive.
If we have a HTTP basic auth mediator, we can do it even without touching payload and can get performance almost equal to passthrough proxying. Even we may be able to handle WS username token without rampart. WDYT? -- Miyuru Wanninayaka Technical Lead WSO2 Inc. : http://wso2.com Mobile : +94 77 209 9788 Blog : http://miyurudw.blogspot.com Flickr : http://www.flickr.com/photos/miyuru_daminda
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
