SCA Java binding.http security policy (TUSCANY) edited by Luciano Resende
      Page: 
http://cwiki.apache.org/confluence/display/TUSCANY/SCA+Java+binding.http+security+policy
   Changes: 
http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=99372&originalVersion=2&revisedVersion=3






Content:
---------------------------------------------------------------------

{section:border=false}
{column:width=15%}
{include: SCA Java Subproject Menu}
{include: Java SCA Menu New}
{column}
{column:width=85%}

h3. Security Policy support in HTTP and Web 2.0 Bindings

{info} work in progress {info}

h3. Scenarios

!scenario.jpg!

* A Web 2.0 application requires that a user get authenticated before it can 
access the application.
* A Web 2.0 application requires that all communication between client/server 
be done using SSL.
* A given service, exposed using a web 2.0 binding requires user authentication.
* A given operation, exposed using a web 2.0 binding requires user 
authentication.

h3.Policy Interceptor

The design approach that is being considered is to inject policy security 
interceptors, that would properly validate and enforce the security intents.
The authentication will be done using JAAS modules for authentication, and 
initially we would support authenticating to a list of username/password 
supplied by the application or using an LDAP.

!high_level_design.jpg|align=center!

{column}
{section}

---------------------------------------------------------------------
CONFLUENCE INFORMATION
This message is automatically generated by Confluence

Unsubscribe or edit your notifications preferences
   http://cwiki.apache.org/confluence/users/viewnotifications.action

If you think it was sent incorrectly contact one of the administrators
   http://cwiki.apache.org/confluence/administrators.action

If you want more information on Confluence, or have a bug to report see
   http://www.atlassian.com/software/confluence


Reply via email to