I think we should also give #2 in the case of deployments that are fully inside a firewall, and the network is trusted.
--Srinath

On Mon, May 14, 2012 at 10:00 PM, Tharindu Mathew <[email protected]> wrote:
> If performance is a concern, I suggest we provide two options:
>
> 1. Do all communication under HTTPS (TLS if possible)
>
> 2. Do communication after the Authentication step using the Thrift native transport.
>
> #2 will show the true speed of Thrift. #1 can be done when information is sensitive, and performance is not the most important factor.
>
> On Mon, May 14, 2012 at 7:16 PM, Paul Fremantle <[email protected]> wrote:
>> I thought we agreed to use Thrift over TLS for all BAM events? I don't see how we can avoid that - this is secure, sensitive data. I don't believe the overhead will be too bad.
>>
>> There's a nice blog on it too :-)
>> http://chamibuddhika.wordpress.com/2011/10/03/securing-a-thrift-service/
>>
>> Paul
>>
>> On 14 May 2012 14:06, Maninda Edirisooriya <[email protected]> wrote:
>>> Yes. Your point is clear. I will do it only with IP and port of the Thrift server as you mentioned. But as we have talked offline, there is a large security hole there. Due to performance requirements we cannot implement Thrift over a secure channel. A passive attacker can eavesdrop and an active attacker can modify the content transmitted to the Thrift server, as the content is not encrypted or signed.
>>>
>>> On Fri, May 11, 2012 at 7:17 PM, Amila Suriarachchi <[email protected]> wrote:
>>>> On Fri, May 11, 2012 at 5:17 PM, Paul Fremantle <[email protected]> wrote:
>>>>> Wouldn't it be better to have the username/password, connection properties stored elsewhere under a logical name (BAM Server) and the mediator config to choose:
>>>>> 1) which BAM server (i.e. which logical set, with a default)
>>>>> 2) what to log (e.g. just standard stuff - response time etc) or whole message or specific properties
>>>>>
>>>>> It doesn't seem right that I might add one BAM server and have to define the URL, uid/pw in every flow.
>>>>
>>>> +1. You can use the same concept we have used in CEP to define brokers and refer them in the bucket configurations.
>>>>
>>>> In the configuration,
>>>>
>>>> there is an Agent server URL and another port. This communication actually happens through Thrift so you may not need an https address there. I think the only thing you need to have is Agent Host and port.
>>>>
>>>> thanks,
>>>> Amila.
>>>>
>>>>> Paul
>>>>>
>>>>> On 11 May 2012 12:36, Tharindu Mathew <[email protected]> wrote:
>>>>>> Let's think about re-using the Activity Mediation BE as well... Someone may prefer to configure this and re-use in the mediator.
>>>>>>
>>>>>> On Fri, May 11, 2012 at 12:41 PM, Maninda Edirisooriya <[email protected]> wrote:
>>>>>>> Here it is. Properties are not shown here but expect to include that as a table as in the existing class mediator.
>>>>>>> Feedback is welcome.
>>>>>>>
>>>>>>> On Thu, May 10, 2012 at 9:43 PM, Tharindu Mathew <[email protected]> wrote:
>>>>>>>> Can you include a screen shot of how it looks through the Mediator UI?
>>>>>>>>
>>>>>>>> On Thu, May 10, 2012 at 7:23 PM, Maninda Edirisooriya <[email protected]> wrote:
>>>>>>>>> I am implementing a built in mediator for ESB as mediation data agent for BAM. Already we have an existing class mediator for bam but this new BAM mediator will be a first class citizen in ESB which will enable the user to simply click and add the BAM mediator to the mediator sequence.
>>>>>>>>> At the moment we have added a sketch of the code to
>>>>>>>>> https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/mediators/bam/ .
>>>>>>>>> It is still not added to the main build. We have planned to add this to the build after reviewing the code.
>>>>>>>>> Basic architecture is given in
>>>>>>>>> https://docs.google.com/a/wso2.com/document/d/1axpgrWv1bLCT_B-2U567LAIJO2ydO9-ckitjAXmYG8Q/edit
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Architecture mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Tharindu
>>>>>>>>
>>>>>>>> blog: http://mackiemathew.com/
>>>>>>>> M: +94777759908
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>> --
>>>>> Paul Fremantle
>>>>> CTO and Co-Founder, WSO2
>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>>>
>>>>> UK: +44 207 096 0336
>>>>> US: +1 646 595 7614
>>>>>
>>>>> blog: http://pzf.fremantle.org
>>>>> twitter.com/pzfreo
>>>>> [email protected]
>>>>>
>>>>> wso2.com Lean Enterprise Middleware
>>>>>
>>>>> Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
>>>>
>>>> --
>>>> Amila Suriarachchi
>>>>
>>>> Software Architect
>>>> WSO2 Inc. ; http://wso2.com
>>>> lean . enterprise . middleware
>>>>
>>>> phone : +94 71 3082805

--
============================
Srinath Perera, Ph.D.
http://www.cs.indiana.edu/~hperera/
http://srinathsview.blogspot.com/
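
The two options discussed in this thread, written against the Apache Thrift Java library as an added example (it is not code from the thread or from the WSO2 code base): TLS is the default, and the plain native transport is used only when a deployment is explicitly marked as a trusted network. `BamTransportChooser`, `ServerConfig` and its fields are hypothetical names, and the trust store path and password are assumed to come from the stored server definition.

```java
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;

/** Hypothetical helper: picks the transport for events sent to the BAM Thrift server. */
public final class BamTransportChooser {

    /** Hypothetical settings kept once under a logical server name. */
    public static final class ServerConfig {
        final String host;
        final int port;
        final boolean trustedNetwork;    // option #2, must be switched on explicitly
        final String trustStorePath;     // required for option #1 (TLS)
        final String trustStorePassword;

        public ServerConfig(String host, int port, boolean trustedNetwork,
                            String trustStorePath, String trustStorePassword) {
            this.host = host;
            this.port = port;
            this.trustedNetwork = trustedNetwork;
            this.trustStorePath = trustStorePath;
            this.trustStorePassword = trustStorePassword;
        }
    }

    private static final int TIMEOUT_MS = 10000;

    private BamTransportChooser() { }

    public static TTransport open(ServerConfig cfg) throws TTransportException {
        if (cfg.trustedNetwork) {
            // Option #2: native transport, no encryption or integrity protection.
            TTransport plain = new TSocket(cfg.host, cfg.port, TIMEOUT_MS);
            plain.open();
            return plain;
        }
        // Option #1: fail closed instead of silently falling back to plaintext.
        if (cfg.trustStorePath == null) {
            throw new TTransportException("TLS is the default; a trust store is required");
        }
        TSSLTransportParameters params = new TSSLTransportParameters();
        params.setTrustStore(cfg.trustStorePath, cfg.trustStorePassword);
        // getClientSocket returns a transport that is already connected.
        return TSSLTransportFactory.getClientSocket(cfg.host, cfg.port, TIMEOUT_MS, params);
    }
}
```

Compiling this requires libthrift on the classpath; the returned transport is then wrapped in a protocol and generated client as usual.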
