[
https://wso2.org/jira/browse/MASHUP-650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16115#action_16115
]
Jonathan Marsh commented on MASHUP-650:
---------------------------------------
If there is no way to us WS-Security without a certificate (surely there must
be something we can do here), and we all know getting a valid certificate is
complex, then we we should consider the draconian option of dropping the
requirement that publishing a mashup be a secure operation. The current state
simply isn't tenable in an enterprise Mashup Server deployment.
Surely there are some secure P2P applications out there that don't require
valid certs on each end?
> Use WS-Security instead of https for mashup sharing
> ---------------------------------------------------
>
> Key: MASHUP-650
> URL: https://wso2.org/jira/browse/MASHUP-650
> Project: WSO2 Mashup Server
> Issue Type: New Feature
> Reporter: Jonathan Marsh
> Assignee: Tyrell Perera
> Fix For: 1.1
>
>
> Currently to share the dest machine needs a valid cert to enable https
> communication. Since we own both ends of the communication, can't we use
> WS-Security over http to protect the un/pw being sent along with the mashup
> zip?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Mashup-dev mailing list
[email protected]
http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
