Hi all,

I've integrated security capabilities into the Mashup Server. This allows 
users to secure their Mashups using a set of the most commonly used security 
policies, as well as access these mashups with ease. These security 
policies include:

    1. Username Token authentication over HTTPS
    2. Sign only - X509 Authentication
    3. Sign and encrypt - X509 Authentication
    4. Sign only - Anonymous clients
    5. Encrypt only - Anonymous clients
    6. Sign and Encrypt - Anonymous clients
    7. Encrypt only - Username Token Authentication
    8. Sign and Encrypt - Username Token Authentication
    9. SecureConversation - Sign only - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication
   10. SecureConversation - Encrypt only - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication
   11. SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt, X509 Authentication
   12. SecureConversation - Sign Only - Service as STS - Bootstrap policy - Sign and Encrypt, Anonymous clients
   13. SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt, Anonymous clients
   14. SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt, Username Token Authentication
   15. SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt, Username Token Authentication


I have used the default security scenarios that WSAS ships with. The 
security scenarios there need provision for unlimited security 
jurisdiction, and hence will not work out of the box. I can make it work out 
of the box by reducing the keysize to 128 instead of 256 (these are just 
policy files, so if a user wants to use greater security he can set it to 
256).

WDYT? I am inclined to change the security policies to use a keysize of 128.

NOTE: Some of the scenarios listed above need provision for unlimited 
security jurisdiction. This will basically be a couple of JAR files, which 
will be available at Java Cryptography Extension (JCE) Unlimited 
Strength Jurisdiction Policy Files. Download jce_policy-x_y_z.zip 
(relevant to your JDK version) and extract the jar files 
local_policy.jar and US_export_policy.jar to $JAVA_HOME/jre/lib/security.

Thanks,
Keith.
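
An added example, not part of the original email and not Mashup Server or WSAS code: a check of whether the running JVM can satisfy the key size a policy file asks for, which is the out-of-the-box failure the message describes. It assumes the policy files are WS-SecurityPolicy documents that select the key size through an algorithm suite element such as `sp:Basic256` or `sp:Basic128`; the sample fragment is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.crypto.Cipher;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PolicyKeySizeCheck {
    // WS-SecurityPolicy namespace (assumption: the one the policy files use).
    static final String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
    // Algorithm suite assertion name -> AES key size in bits.
    static final Map<String, Integer> SUITE_BITS =
        Map.of("Basic128", 128, "Basic192", 192, "Basic256", 256,
               "Basic128Rsa15", 128, "Basic192Rsa15", 192, "Basic256Rsa15", 256);

    // Constructed sample fragment, not taken from the Mashup Server or WSAS.
    static final String SAMPLE = "<sp:AlgorithmSuite xmlns:sp='" + SP_NS + "' "
        + "xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>"
        + "<wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>";

    /** Returns the AES key size the policy asks for, or -1 if no known suite is found. */
    static int requiredBits(String policyXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Policy files never need a DTD; refusing one avoids XXE when parsing them.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(policyXml.getBytes(StandardCharsets.UTF_8)));
        NodeList suites = d.getElementsByTagNameNS(SP_NS, "AlgorithmSuite");
        for (int i = 0; i < suites.getLength(); i++) {
            NodeList all = ((Element) suites.item(i)).getElementsByTagNameNS(SP_NS, "*");
            for (int j = 0; j < all.getLength(); j++) {
                Integer bits = SUITE_BITS.get(all.item(j).getLocalName());
                if (bits != null) return bits;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // 128 under the limited jurisdiction policy, Integer.MAX_VALUE when unlimited.
        int allowed = Cipher.getMaxAllowedKeyLength("AES");
        int needed = requiredBits(SAMPLE);
        System.out.println("JVM allows AES up to " + allowed + " bits; policy needs " + needed);
        System.out.println(needed <= allowed ? "OK: scenario can run on this JVM"
            : "FAIL: install the unlimited strength policy files or use a 128-bit suite");
    }
}
```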

_______________________________________________
Mashup-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
