Hi all,

Given our plans to release MB 3.5.0 based on Carbon 5, Akalanka and I have been looking into the JAAS-based authentication framework ongoing at repo [1].

As per our discussion with Thanuja, Omindu and Yasiru, excluding the REST services security exposed to the UI console, the current carbon-security implementation is lacking the following requirements in terms of MB behavior:

1. The current login implementation is based on an HTTP request, where the request is passed across the login implementation, whereas MB has JMS/MQTT protocol messages containing the login information.
2. MB has the requirement to grant/validate permissions to dynamically created queues/topic trees that are generated.
3. MB needs to validate permissions for these created queues and topics across the cluster, which requires a centralized storage mechanism (e.g. RDBMS) for the permissions.

More information on MB authorization requirements can be found at mail [2].

Given this situation, should we generalize the authentication mechanism to be pluggable with transports other than HTTP? Or consider JMS/MQTT as an exception?

Thanks

[1]: https://github.com/wso2/carbon-kernel/tree/hamming-release-poc/modules/carbon-security
[2]: [Mail] "Message Broker topic level security"

--
Cheers,
Hasitha Amal De Silva
Software Engineer
Mobile : 0772037426
Blog : http://devnutshell.tumblr.com/
WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
