Hi Miyuru, +1. Infact Basic Auth mediator should be a MUST have. It's the most simple but a very common authentication mechanism. And optionally keep the support for Digest Authentication as well in the same mediator. And lets keep in mind the multiple user stores story when creating this mediator, user core should handle it but still know that we might not always want to do authentication against the primary user store, but against a secondary userstore as well.
Thanks, -Suresh On Wed, Nov 13, 2013 at 8:54 AM, Miyuru Wanninayaka <[email protected]> wrote: > Hi all, > > Currently most security stuff handled at rampart level (except OAuth and > XACML which is done via mediators). Even for http basic auth, we converts > those to WS-Sec headers and validate via rampart which is really expensive. > > If we have a HTTP basic auth mediator, we can do it even without touching > payload and can get performance almost equal to passthrough proxying. > > Even we may be able to handle WS username token without rampart. > > WDYT? > > -- > Miyuru Wanninayaka > Technical Lead > WSO2 Inc. : http://wso2.com > > Mobile : +94 77 209 9788 > Blog : http://miyurudw.blogspot.com > Flickr : http://www.flickr.com/photos/miyuru_daminda > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Suresh Attanayake Senior Software Engineer; WSO2 Inc. http://wso2.com/ Blog : http://sureshatt.blogspot.com/ Web : http://www.ssoarcade.com/ Facebook : https://www.facebook.com/IdentityWorld Twitter : https://twitter.com/sureshatt LinkedIn : http://lk.linkedin.com/in/sureshatt Mobile : +94755012060 Mobile : +016166171172
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
