On Thu, Nov 26, 2009 at 1:42 PM, Paul Fremantle <[email protected]> wrote:
> True. I am willing to be convinced. I agree that if this is a *major* > change then we cannot fix it now. We really need to sort out the > difference between the services and admin, so we can separate them. > But we also need to have decent security controls. We ought to be able > to configure that /carbon requires HTTPS and /portal doesn't. > > +1 Tyrell > Paul > > > 2009/11/26 Sanjiva Weerawarana <[email protected]>: > > Well Paul said he *thinks* this is a blocker. I agree it'll be great to > have > > HTTP only but if it can't be done in the framework then I'd rather not > mess > > up the core by hacking it in. Let's get it fixed right. > > > > Sanjiva. > > On Thu, Nov 26, 2009 at 10:33 AM, Tyrell Perera <[email protected]> wrote: > >> > >> > >> On Thu, Nov 26, 2009 at 10:15 AM, Sanjiva Weerawarana <[email protected] > > > >> wrote: > >>> > >>> Also, we need to keep in mind the March plan to replace all Carbon > >>> authentication stuff with IS's corresponding components. > >> > >> The reason I asked this is Paul's blocker on GS yesterday asking us to > >> provide HTTP for portal. Essentially the portal is a bunch of Carbon UI > >> bundles. if the framework doesn't support it (at least as far as the > 2.0.2 > >> release is concerned), then we can't do HTTP, for this release at least. > >> > >> For a future release, we will have to re-visit the design of the UI > >> framework and get HTTP support in. > >> > >> > >> Tyrell > >> > >> > >>> > >>> Sanjiva. > >>> > >>> On Thu, Nov 26, 2009 at 9:58 AM, Afkham Azeez <[email protected]> wrote: > >>>> > >>>> If we just do that, users will be able to login via HTTP by mistake. > To > >>>> make it secure, and selectively enable HTTP, we will need to do more > work. > >>>> Azeez > >>>> > >>>> On Thu, Nov 26, 2009 at 9:54 AM, Sanjiva Weerawarana < > [email protected]> > >>>> wrote: > >>>>> > >>>>> Is that a difficult change? Isn't that a matter of turning on HTTP? > >>>>> Sanjiva. > >>>>> > >>>>> 2009/11/26 Afkham Azeez <[email protected]> > >>>>>> > >>>>>> I think that we have assumed that all UI bundles some how fit into > the > >>>>>> management console. Hence, they will be exposed only on HTTPS. > >>>>>> Ideally, the Carbon mgt console should also be accessible via > >>>>>> http://localhost:9763/carbon. Only after logging in, we should > switch to > >>>>>> HTTPS. > >>>>>> Azeez > >>>>>> > >>>>>> On Thu, Nov 26, 2009 at 7:52 AM, Tyrell Perera <[email protected]> > >>>>>> wrote: > >>>>>>> > >>>>>>> Is it possible for a Carbon UI bundle to run in HTTP mode? These > >>>>>>> bundles will of course have corresponding back-end bundles, that > talks to > >>>>>>> the Registry etc. > >>>>>>> > >>>>>>> At the moment, the UI framework redirects all HTTP requests to > HTTPS > >>>>>>> as far as I can see. > >>>>>>> > >>>>>>> thanks, > >>>>>>> Tyrell > >>>>>>> > >>>>>>> > >>>>>>> -- > >>>>>>> Tyrell Perera > >>>>>>> WSO2, Inc.; http://www.wso2.com/ > >>>>>>> "The Open Source SOA Company" > >>>>>>> > >>>>>>> http://www.linkedin.com/in/tyrell > >>>>>>> http://tyrellperera.blogspot.com > >>>>>>> http://twitter.com/tyrellperera > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> Carbon-dev mailing list > >>>>>>> [email protected] > >>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> -- > >>>>>> Afkham Azeez > >>>>>> [email protected] > >>>>>> WSO2 Inc. http://wso2.com > >>>>>> Blog: http://afkham.org > >>>>>> > >>>>>> _______________________________________________ > >>>>>> Carbon-dev mailing list > >>>>>> [email protected] > >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Sanjiva Weerawarana, Ph.D. > >>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > >>>>> email: [email protected]; phone: +1 408 754 7388 x51726; cell: +94 77 > >>>>> 787 6880 > >>>>> blog: http://sanjiva.weerawarana.org/ > >>>>> > >>>>> The Open Source SOA Company > >>>>> > >>>>> _______________________________________________ > >>>>> Carbon-dev mailing list > >>>>> [email protected] > >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> -- > >>>> Afkham Azeez > >>>> [email protected] > >>>> WSO2 Inc. http://wso2.com > >>>> Blog: http://afkham.org > >>>> > >>>> _______________________________________________ > >>>> Carbon-dev mailing list > >>>> [email protected] > >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>> > >>> > >>> > >>> > >>> -- > >>> Sanjiva Weerawarana, Ph.D. > >>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > >>> email: [email protected]; phone: +1 408 754 7388 x51726; cell: +94 77 > 787 > >>> 6880 > >>> blog: http://sanjiva.weerawarana.org/ > >>> > >>> The Open Source SOA Company > >>> > >>> _______________________________________________ > >>> Carbon-dev mailing list > >>> [email protected] > >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>> > >> > >> > >> > >> -- > >> Tyrell Perera > >> WSO2, Inc.; http://www.wso2.com/ > >> "The Open Source SOA Company" > >> > >> http://www.linkedin.com/in/tyrell > >> http://tyrellperera.blogspot.com > >> http://twitter.com/tyrellperera > >> > >> _______________________________________________ > >> Carbon-dev mailing list > >> [email protected] > >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >> > > > > > > > > -- > > Sanjiva Weerawarana, Ph.D. > > Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > > email: [email protected]; phone: +1 408 754 7388 x51726; cell: +94 77 787 > > 6880 > > blog: http://sanjiva.weerawarana.org/ > > > > The Open Source SOA Company > > > > _______________________________________________ > > Carbon-dev mailing list > > [email protected] > > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > > > > > -- > Paul Fremantle > CTO and Co-Founder, WSO2 > OASIS WS-RX TC Co-chair > VP, Apache Synapse > > Office: +44 844 484 8143 > Cell: +44 798 447 4618 > > blog: http://pzf.fremantle.org > twitter.com/pzfreo > [email protected] > > WSO2 - a breath of fresh oxygen for enterprise middleware > http://wso2.com > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > -- Tyrell Perera WSO2, Inc.; http://www.wso2.com/ "The Open Source SOA Company" http://www.linkedin.com/in/tyrell http://tyrellperera.blogspot.com http://twitter.com/tyrellperera
_______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
