I actually see 4 parts to it,
1) Authentication/authorization on external endpoints
Here the engine is oblivious to what's happening on the outside.
For Axis2, we need better integration to bind process endpoints to Axis2
service configuration.
For JBI, we rely on binding components, so this already works.
2) Authentication/authorization on internal endpoints
This mostly concerns the JBI IL, although it could also apply to direct
process-to-process communication where we bypass the IL.
I guess we could consider extending the deployment descriptor to secure
internal process endpoints. Not sure this is a priority.
3) Propagation of security context between IL and engine
We need to extend the IL interface (both ways).
4) Accessing and setting the security context at the BPEL level
Like you said, need to define BPEL extensions.
I agree we can get started on #1 now. We should also continue the
discussion on 3 and 4...
alex
On 9/28/07, Matthieu Riou <[EMAIL PROTECTED]> wrote:
>
> [changing to dev@ as we're in dev land now]
>
> Just to clarify there are 2 different layers to this issue:
>
> 1. How does someone get the authorization to invoke a given process and how
> does that process get the authorization to invoke another service, assuming
> that the process itself is oblivious of this machinery. In this scenario
> there's nothing much to do at the engine level as authentication is handled
> by the integration layer (axis2). A simple endpoint/credential mapping could
> do the trick. The only issue I see is per-process configuration which could
> be handled either by extending our configuration descriptor or including and
> loading an Axis2 service.xml as part of the deployment unit.
>
> 2. How does a process get aware of credentials and authorizations and
> manipulates them. Here we have more work and discussion to do (perhaps
> someone could draft a proposal that we could iterate upon?) as this will
> most probably require BPEL extensions.
>
> I think we should address 1 first and then extend it to allow 2 once we're
> ready. What do you think?
>
> Matthieu
>