security

[yannick guionnet <ya...@gmail.com>]

Question to alex boisvert:

Why security is not adressed in Integration layer ?
With the choices being made how can we plugged into ODE and/or Tempo
WS-security implementation Apache WSS4J above AXIS2?
Otherwise what is your plan/roadmap about security ?

Thanks
Yannick

Re: security

[Alex Boisvert <bo...@intalio.com>]

Hi Yannick,

On Tue, Jul 8, 2008 at 1:38 AM, yannick guionnet <ya...@gmail.com>
wrote:

> Why security is not adressed in Integration layer ?


We've recently done some work towards having more security integration in
the IL (mostly Axis2).  It should soon be possible to setup Axis2 with
Rampart and send/receive secured messages using WS-Security on a
per-endpoint basis, for example.

Related to security at the BPEL level, I hope to publishing a spec soonish
related to security assertions in BPEL invoke/receives.


> Otherwise what is your plan/roadmap about security ?


Speaking for myself and not the project at large, it would go roughly as:
1) Finish WS-Security integration in the IL
2) Publish spec and implement security assertions in BPEL
3) Implement BPEL4People extensions

It's also good to note that Tempo already fulfills many security needs via
loose integration, and you can use HTTPS or other secured transports (e.g.
JMS) as well.

alex