Manjula Peiris wrote:
Hi devs,

I have integrated the Rampart/C and security-policy for all the features
Rampart supports up to now (UsernameToken, Timestamp and encryption).
This can be downloaded from
https://svn.apache.org/repos/asf/webservices/axis2/scratch/c/security-policy/c

This is the major change I have done.

Nice work Manjula...:)

When building or processing the message, Rampart gets the configurations
from a rampart_context which wraps a security policy object. This was
previously done using rampart_actions, which is created from
parameters (inflowsecurity and outflowsecurity) in axis2.xml or
services.xml.

Since we don't have a general policy framework there are 2 approaches we
can follow to keep policies.

1. Keeping 1 agreed policy file in both server and client (Initiator and
Recipient).
- If we follow this, the message formats will be restricted. For example,
if the initiator to recipient message is encrypted, then recipient to
initiator message will also be encrypted.

2. Keeping 2 policy files in each party.
- The Recipient will have the initiator's outgoing message policy and will
consider it as his incoming message policy and vice-versa. With this
approach message formats will not be restricted, but the user will have the
overhead of keeping too many policy files.

+1 for the second approach.
We CANNOT assume that the incoming message's policy MUST be based on the outgoing message's policy. To clarify this, think of a scenario where a client authenticates with a server. The server's policy is to accept username tokens along with a timestamp. Once authenticated, the server sends confidential data to the client. So the client's policy is to get data encrypted.
We cannot do this with approach 1.
Keeping two policy files is not a problem as long as they reside on the correct path :).

Another issue is how to give these policies to Rampart. That is, are we
going to put them in axis2.xml or services.xml, or some other way?

In the client side we can keep these policies in the axis2.xml.
In the server side we can have it either in axis2.xml (if policy is common for all services) OR in the services.xml (if policy applies only for that service).

It is great if we can resolve these issues before merging the scratch
with the head.

Thanks.

Manjula.


On Tue, 2007-01-23 at 15:06 +0530, Manjula Peiris wrote:
Hi all,

I have sent the patch implementing security policy for Rampart/C. In
order to integrate security policy with Rampart/C some significant
changes need to be done for some parts of Rampart/C. Meanwhile the
current Axis2/C (Rampart) code base may break due to these changes. So
can anyone suggest a solution for this?

Thanks.

Manjula.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


