On Jun 4, 2007, at 10:46 PM, Serge Merzliakov wrote:
Hi,
As a newcomer, I don't know much about Hessian (my day job
requires WS-Security, SOAP and the orthodox SOA stack...) but I
have got the samples working and like the simplicity very much. Are
there any plans to encrypt messages or some other message level
security (this excludes SSL) ? I know this strays into the WS-
Security space (and we don't wan't to reinvent the WS-* wheel) but
it would be a compelling argument for serious evaluation in most
firms considering SOA.
I'm starting to skim WS-Security and it looks nightmarish. For
Hessian, I'm thinking the following envelope syntax might make sense:
envelope ::=
'E' x02 x00 # Envelope for Hessian 2.0
method # envelope type (possibly use string instead of 'm')
int # number of headers
(string object)* # header values
binary # encapsulated body
int # number of footers
(string object)* # footer values
The envelope could be nestable, i.e. the body could be another
envelope or it could be the wrapped call/reply Hessian message.
The method would select a filter/envelope handler, which would be
responsible for unwrapping the header.
For security, headers would contain things like encryption keys/
algorithms for encryption, auth tokens. Footers would contain things
like signatures/digests.
I need to continue looking at WS-Security to see if there's anything
that fails to fit this model (I've only started looking), but I'd
think this would be general enough.
-- Scott
Regards,
Serge Merzliakov
This message and any attachment is confidential and may
be privileged or otherwise protected from disclosure. If you
have received it by mistake, please let us know by reply
and then delete it from your system; you should not copy
the message or disclose its contents to anyone.
_______________________________________________
hessian-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/hessian-interest
_______________________________________________
hessian-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/hessian-interest
