Author: svkrish
Date: Thu Jan 17 22:43:01 2008
New Revision: 613077
URL: http://svn.apache.org/viewvc?rev=613077&view=rev
Log:
added information related to what's different in this copy of the big-bank demo
Modified:
incubator/tuscany/branches/sca-java-1.1/demos/secure-bigbank/secure-bigbank-account/README
Modified:
incubator/tuscany/branches/sca-java-1.1/demos/secure-bigbank/secure-bigbank-account/README
URL:
http://svn.apache.org/viewvc/incubator/tuscany/branches/sca-java-1.1/demos/secure-bigbank/secure-bigbank-account/README?rev=613077&r1=613076&r2=613077&view=diff
==============================================================================
---
incubator/tuscany/branches/sca-java-1.1/demos/secure-bigbank/secure-bigbank-account/README
(original)
+++
incubator/tuscany/branches/sca-java-1.1/demos/secure-bigbank/secure-bigbank-account/README
Thu Jan 17 22:43:01 2008
@@ -1,8 +1,33 @@
Secure BigBank Demo
===================
-This application is a copy of the big bank demo but with various security
policies
-in force. For example, the wire between the AccountServiceComponent
requires="tuscany:wsAuthentication"
+This is a copy of the big-bank demo with modifications to demonstrate the use
of policies to enforce
+certain security aspects. We hope to evolve this further adding more flavours
of security. Here
+is an overview of how this copy of the big-bank demo differs from the
original...
+
+
+*) The AccountDataServiceComponent which used to return a customers savings,
checkings and stock account
+data has been replaced with three independent components for savings,
checkings and stock accounts. These
+components provide services related to obtaining a customer balance etc.
+ - Out of these three, the Checkings and Stock service components are
bound to the big-bank
+ thro webservices while the Savings Account service component uses the
SCA Binding.
+ - The Chekings Account webservice enforces authentication as a
security reqiurement. Hence all
+ service requests between the bigbank and the Checkings Account service
are authenticated
+ - Additionally the Checkings Account Implementation enforce
authorization checks that ensure that
+ only the owner of accounts access their details.
+ - Here we demonstrate how the 'authenticated' user token credentials
are passed from the CheckingsAccount
+ webservice over to the CheckingsAccount implementation for
authorization checks.
+
+*) The StockQuote webservice is adorned with 'integrity' i.e. all
communications between the bigbank and
+the StockQuote webservice and signed to ensure integrity of data exchanged. To
honour this requirement the
+StockQuote reference of the big-bank is also adorned with 'integrity' as a
security requirement.
+
+When you run this demo you will observe various console messages that reflect
the enforcement of authentication
+and authorization and integrity at varoius points of this application.
+
+
+Bigbank - General Information
+-----------------------------
The application is made of 3 modules that represent the different aspects
of a fictitious banking application. Please see bigbank.png in the
secure-bigbank-account
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
