Given an instance where a company would place a server on its intranet (behind a firewall that does not allow incoming connections from the internet).
Now, If this company wanted to receive periodic updates to some semi-static data (iso country codes for instance) from a source on the internet. This source would need a VPN to get through the companies firewall (major hassle if this source has to update many servers, or if the company needs data updated from many different sources) or it could send a Signed and possibly Encrypted email to a mail account the company has set up for the server. The server checks it's email at a configured interval and processes any soap messages it finds there. The digital signature is used for message verification and authentication, while encryption could be used to protect sensitive parts of the message. The message is processed and it's response (or fault) is returned to the original sender via the mail server.
This method(with digital signatures/encryption) would be more secure than the Http(s) transport, Authentication would be near definite (rather hard to fake), the server would not be exposed to the big bad internet, and the company's IT guys don't have to set up a VPN to every outside source that needs to update data in the server.
All in all, and email transport with digital signatures and encryption has quite a bit of promise as a secure way to allow data to pass through/around a firewall without too much extra hassle. There would need to be a mechanism for key exchange, but no work on the part of IT.
-jason
On Thursday, November 14, 2002, at 07:21 AM, Matt Munz wrote:
Jason,-jason
Just out of curiosity, what would you use this for?
- Matt
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:jboss-development-admin@;lists.sourceforge.net]On Behalf Of Jason
Essington
Sent: Wednesday, November 13, 2002 5:48 PM
To: [EMAIL PROTECTED]
Subject: [JBoss-dev] jboss.net email transport
Hi all
I have managed to get a fairly crude email transport working in
jboss.net (It is lurking in head). I would appreciate any comments /
design ideas from folks who are interested.
Check the javadocs in org.jboss.net.axis.mail.MailTransportService to
see how to set it up.
It will currently process emails with simple soap messages (no
attachments). It requires the content type to be application/soap+xml
with the action attribute set to the desired service.
i.e. content-type: application/soap+xml; action=SomeService
The response message is returned to the sender via email.
Since email doesn't really have any type of authentication framework
the transport will only work with ejb's / ejb methods's that have
unchecked permissions.
I have been able to sign (DSA) a soap message using apache's
xml-security library and have jboss.net verify the signature (I haven't
submitted this handler yet, as it depends on the apache xml-security
library that would have to be added to the thirdparty libs).
I think this is the first step to some sort of authentication via email
(and cryptographic authentication by other transports as well). but . .
.
I haven't figured out how to go about trusting a given signature and
mapping it to a Subject. This is where I could use the help of someone
with a better knowledge of jaas and JBossSX than myself.
Thanks for any feedback
-jason
-------------------------------------------------------
This sf.net email is sponsored by: Are you worried about
your web server security? Click here for a FREE Thawte
Apache SSL Guide and answer your Apache SSL security
needs: http://www.gothawte.com/rd523.html
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
