Maybe just a crazy little thought... Instead of just a basic auth + username token mediator, why don't we have a generalized *message security mediator that can hide the complexity of rampart config (for WS-Sec scenarios) whilst providing the same or similar configuration interface for stuff like basic auth at the same time? I am of the view that enforcing security is *kind of a mediation itself, similar to bringing in an entitlements mediator to handle another level of security.
Nevertheless, +1 for a lightweight basic auth mediator, which is a common use case.

Regards,
Manoj

On Wed, Nov 13, 2013 at 10:24 PM, Miyuru Wanninayaka <[email protected]> wrote:

> Hi all,
>
> Currently most security stuff is handled at rampart level (except OAuth and
> XACML which is done via mediators). Even for http basic auth, we convert
> those to WS-Sec headers and validate via rampart which is really expensive.
>
> If we have a HTTP basic auth mediator, we can do it even without touching
> payload and can get performance almost equal to passthrough proxying.
>
> Even we may be able to handle WS username token without rampart.
>
> WDYT?
>
> --
> Miyuru Wanninayaka
> Technical Lead
> WSO2 Inc. : http://wso2.com
>
> Mobile : +94 77 209 9788
> Blog : http://miyurudw.blogspot.com
> Flickr : http://www.flickr.com/photos/miyuru_daminda
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Manoj Fernando
Director - Solutions Architecture
Contact: LK - +94 112 145345
Mob: +94 773 759340
www.wso2.com
