If performance is a concern, I suggest we provide two options:

1. Do all communication under HTTPS (TLS if possible)
2. Do communication after the Authentication step using the Thrift native transport.

#2 will show the true speed of thrift. #1 can be done when information is sensitive, and performance is not the most important factor.

On Mon, May 14, 2012 at 7:16 PM, Paul Fremantle <[email protected]> wrote:

> I thought we agreed to use Thrift over TLS for all BAM events? I don't see
> how we can avoid that - this is secure, sensitive data. I don't believe the
> overhead will be too bad.
>
> There's a nice blog on it too :-)
> http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
>
> Paul
>
> On 14 May 2012 14:06, Maninda Edirisooriya <[email protected]> wrote:
>
>> Yes. Your point is clear. I will do it only with IP and port of the
>> thrift server as you mentioned. But as we have talked offline there is a
>> large security hole there. Due to performance requirements we cannot
>> implement Thrift over a secure channel. A passive attacker can eavesdrop
>> and an active attacker can modify the content transmitted to the Thrift
>> server as the content is not encrypted or signed.
>>
>> On Fri, May 11, 2012 at 7:17 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>> On Fri, May 11, 2012 at 5:17 PM, Paul Fremantle <[email protected]> wrote:
>>>
>>>> Wouldn't it be better to have the username/password, connection
>>>> properties stored elsewhere under a logical name (BAM Server) and the
>>>> mediator config to choose:
>>>> 1) which BAM server (i.e. which logical set, with a default)
>>>> 2) what to log (e.g. just standard stuff - response time etc) or whole
>>>> message or specific properties
>>>>
>>>> It doesn't seem right that I might add one BAM server and have to
>>>> define the URL, uid/pw in every flow.
>>>
>>> +1. you can use the same concept we have used in CEP to define brokers
>>> and refer them in the bucket configurations.
>>>
>>> In the configuration,
>>>
>>> there is an Agent server URL and another port.
>>> This communication actually happens through thrift so you may not need
>>> an https address there. I think the only thing you need to have is Agent
>>> Host and port.
>>>
>>> thanks,
>>> Amila.
>>>
>>>> Paul
>>>>
>>>> On 11 May 2012 12:36, Tharindu Mathew <[email protected]> wrote:
>>>>
>>>>> Let's think about re-using the Activity Mediation BE as well...
>>>>> Someone may prefer to configure this and re-use in the mediator.
>>>>>
>>>>> On Fri, May 11, 2012 at 12:41 PM, Maninda Edirisooriya <[email protected]> wrote:
>>>>>
>>>>>> Here it is. Properties are not shown here but expect to include that
>>>>>> as a table as in the existing class mediator.
>>>>>> Feedback is welcome.
>>>>>>
>>>>>> On Thu, May 10, 2012 at 9:43 PM, Tharindu Mathew <[email protected]> wrote:
>>>>>>
>>>>>>> Can you include a screen shot of how it looks through the Mediator UI?
>>>>>>>
>>>>>>> On Thu, May 10, 2012 at 7:23 PM, Maninda Edirisooriya <[email protected]> wrote:
>>>>>>>
>>>>>>>> I am implementing a built in mediator for ESB as mediation data
>>>>>>>> agent for BAM. Already we have an existing class mediator for bam but
>>>>>>>> this new BAM mediator will be a first class citizen in ESB which will
>>>>>>>> enable the user to simply click and add the BAM mediator to the
>>>>>>>> mediator sequence.
>>>>>>>> At the moment we have added a sketch of the code to
>>>>>>>> https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/mediators/bam/.
>>>>>>>> It is still not added to the main build. We have planned to add this
>>>>>>>> to the build after reviewing the code.
>>>>>>>> Basic architecture is given in
>>>>>>>> https://docs.google.com/a/wso2.com/document/d/1axpgrWv1bLCT_B-2U567LAIJO2ydO9-ckitjAXmYG8Q/edit
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Architecture mailing list
>>>>>>>> [email protected]
>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>> Tharindu
>>>>>>>
>>>>>>> blog: http://mackiemathew.com/
>>>>>>> M: +94777759908
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>> --
>>>> Paul Fremantle
>>>> CTO and Co-Founder, WSO2
>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>>
>>>> UK: +44 207 096 0336
>>>> US: +1 646 595 7614
>>>>
>>>> blog: http://pzf.fremantle.org
>>>> twitter.com/pzfreo
>>>> [email protected]
>>>>
>>>> wso2.com Lean Enterprise Middleware
>>>>
>>>> Disclaimer: This communication may contain privileged or other
>>>> confidential information and is intended exclusively for the addressee/s.
>>>> If you are not the intended recipient/s, or believe that you may have
>>>> received this communication in error, please reply to the sender indicating
>>>> that fact and delete the copy you received and in addition, you should not
>>>> print, copy, retransmit, disseminate, or otherwise use the information
>>>> contained in this communication. Internet communications cannot be
>>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>>> accept liability for any errors or omissions.
>>>
>>> --
>>> *Amila Suriarachchi*
>>>
>>> Software Architect
>>> WSO2 Inc. ; http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> phone : +94 71 3082805

--
Regards,

Tharindu

blog: http://mackiemathew.com/
M: +94777759908
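The transport choice debated in this thread, as an added example that is not from the thread or from WSO2's code: a plain Thrift `TSocket` beside a TLS client socket built with Apache Thrift's `TSSLTransportFactory`. The class name, host, port, truststore path and the `BAM_TRUSTSTORE_PASSWORD` environment variable are assumptions; it expects libthrift on the classpath and a TLS-enabled Thrift server listening at the given address.

```java
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;

/** Hypothetical helper: opens the transport used to publish events to a Thrift receiver. */
public final class BamTransportExample {

    /** Plain transport: event bytes cross the network unencrypted and unsigned. */
    static TTransport openPlain(String host, int port, int timeoutMs)
            throws TTransportException {
        TTransport transport = new TSocket(host, port, timeoutMs);
        transport.open();
        return transport;
    }

    /** TLS transport: the server certificate must chain to the given truststore. */
    static TTransport openTls(String host, int port, int timeoutMs,
                              String trustStorePath, String trustStorePass)
            throws TTransportException {
        TSSLTransportParameters params = new TSSLTransportParameters();
        params.setTrustStore(trustStorePath, trustStorePass);
        // getClientSocket returns a socket that is already connected.
        return TSSLTransportFactory.getClientSocket(host, port, timeoutMs, params);
    }

    public static void main(String[] args) throws TTransportException {
        if (args.length != 3) {
            System.err.println("usage: BamTransportExample <host> <port> <truststore.jks>");
            System.exit(2);
        }
        // Assumed variable name; keeps the truststore password off the command line.
        String pass = System.getenv("BAM_TRUSTSTORE_PASSWORD");
        if (pass == null) {
            // Fail closed: do not fall back to openPlain() when TLS cannot be set up.
            System.err.println("BAM_TRUSTSTORE_PASSWORD is not set; refusing to connect");
            System.exit(1);
        }
        TTransport transport = openTls(args[0], Integer.parseInt(args[1]), 10000, args[2], pass);
        try {
            System.out.println("TLS transport open: " + transport.isOpen());
        } finally {
            transport.close();
        }
    }
}
```

Either transport can be handed to the same Thrift protocol and generated client, so the choice between them stays a deployment setting.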
