You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tuscany.apache.org by Jean-Sebastien Delfino <js...@apache.org> on 2008/10/01 05:05:23 UTC

Overview of security policy support?

There's quite a few moving parts now to support various security 
policies with Web Services. Some code in binding-ws-axis2, 
binding-ws-axis2-policy, policy-security-ws, policy-security and a 
number of samples and itests.

So far I've not been able to really grasp all this. Is there an overview 
of what each part does and/or how they relate to each other?

Thanks
-- 
Jean-Sebastien

Re: Overview of security policy support?

Posted by Simon Laws <si...@googlemail.com>.

On Wed, Oct 1, 2008 at 4:05 AM, Jean-Sebastien Delfino <jsdelfino@apache.org
> wrote:

> There's quite a few moving parts now to support various security policies
> with Web Services. Some code in binding-ws-axis2, binding-ws-axis2-policy,
> policy-security-ws, policy-security and a number of samples and itests.
>
> So far I've not been able to really grasp all this. Is there an overview of
> what each part does and/or how they relate to each other?
>
> Thanks
> --
> Jean-Sebastien
>

I've been putting what I know here (
http://cwiki.apache.org/confluence/display/TUSCANYWIKI/Policy). Note that
some of this information is getting out of date. I see 4 main groups of code
in the context of your question;

policy
    provides the intent/policyset code to model information read from
definitions.xml
policy-security
    provides pre-canned intent and policy set in definitions.xml files
    provides generic (i.e. not specific to a binding) policy models and
runtimes
binding-ws-axis2-policy - binding specific policy support
    provides pre-canned intent and policy set in definitions.xml files
    provides binding specific policy models and runtimes
binding-ws-axis2 - there may be runtime code that supports particular
policies.
    Look for particular policies and process accordingly

policy-security-ws is no longer in the build. I was going to check a few
things before suggesting we remove it altogether. Its contents have moved to
binding-ws-axis2-policy

Some of the policy runtimes, e.g. those that use the axis2 config params to
turn on rampart processing for ws security, still rely on the policy handler
support. I would hope we can rationalize that to be consistent with other
policies. I hope It will either be supported through hardcoded changes to
the binding or through the binding specific interceptors being discussed at
[1]

Regards

Simon

[1] http://markmail.org/message/hepvbftxec3elasm