You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by co...@apache.org on 2008/10/14 08:57:00 UTC
[CONF] Apache Tuscany: SCA Java binding.http security policy
section (page edited)
SCA Java binding.http security policy section (TUSCANY) edited by Luciano Resende
Page: http://cwiki.apache.org/confluence/display/TUSCANY/SCA+Java+binding.http+security+policy+section
Changes: http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=99372&originalVersion=3&revisedVersion=4
Content:
---------------------------------------------------------------------
h3. Security Policy support in HTTP and Web 2.0 Bindings
{info} work in progress {info}
h3. Scenarios
!scenario.jpg!
* A Web 2.0 application requires that a user get authenticated before it can access the application.
* A Web 2.0 application requires that all communication between client/server be done using SSL.
* A given service, exposed using a web 2.0 binding requires user authentication.
* A given operation, exposed using a web 2.0 binding requires user authentication.
h3.Policy Interceptor
The design approach that is being considered is to inject policy security interceptors, that would properly validate and enforce the security intents.
The authentication will be done using JAAS modules for authentication, and initially we would support authenticating to a list of username/password supplied by the application or using an LDAP.
!high_level_design.jpg|align=center!
---------------------------------------------------------------------
CONFLUENCE INFORMATION
This message is automatically generated by Confluence
Unsubscribe or edit your notifications preferences
http://cwiki.apache.org/confluence/users/viewnotifications.action
If you think it was sent incorrectly contact one of the administrators
http://cwiki.apache.org/confluence/administrators.action
If you want more information on Confluence, or have a bug to report see
http://www.atlassian.com/software/confluence