On 4/19/06, Dain Sundstrom <[EMAIL PROTECTED]> wrote:
> On Apr 19, 2006, at 10:40 AM, Bruce Snyder wrote:
>
> > On 4/18/06, Hossam Karim <[EMAIL PROTECTED]> wrote:
> >> Just thinking:
> >> - Security is a service
> >> - A component installed inside SM can support a SM specific security
> >> contract, in which a security provider implementing this contract
> >> can be
> >> bound to one or more installed components. This provider can provide
> >> authentication, digital signature verification, XML encryption and
> >> decryption, integration with LDAP, etc.
> >> - A component that has a security provider installed should
> >> delegate all
> >> security operations to its provider.
> >> - A component that has a security provider should provide additional
> >> management operations through JMX to secure its lifecycle management.
> >
> > Actually I agree with Hossam here. I've always considered that
> > security would be delegated to other components, not built into the
> > core of each component. This will allow a wider variation of security
> > models to be addressed and will also allow custom security components
> > to be created to address custom security models on a per enterprise
> > basis.
>
> When coding Geronimo, I have found that as soon as I say, "no one
> will ever do X" someone shows me a service doing just that, so my
> question is, how will ServiceMix handle components that have security
> "built into the core"?
Let's say we have a model where one component per security contract, I
expect that these security components would be wired together via the
XBean configuration to be used in a sequence of other components that
need the security, e.g.:
componentA -> security-componentX -> componentB -> componentC ->
security-componentY
In effect, then we wouldn't expect a component with security built
into it to be wired to a security-specific component. But honestly I
doubt we can really address a situation like this until we encounter
one really - especially with security. There's no way to anticipate
all security models.
Bruce
--
perl -e 'print unpack("u30","D0G)[EMAIL
PROTECTED]&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
);'
Apache Geronimo - http://geronimo.apache.org/
Apache ActiveMQ - http://incubator.apache.org/activemq/
Apache ServiceMix - http://incubator.apache.org/servicemix/
Castor - http://castor.org/
