+1. The best non-repudiation method for request-response is the WSS1.1 Signature Confirmation. It would be great to provide a standard way to log these.
Basically this is a the client's signature signed by the server and returned: i.e. proof of acceptance of a message. If you want full audit then you need to do two request-response messages (one in each direction) with this on and then you get full audit at each end. START does this. http://freo.me/fT0OIH Paul On 1 February 2011 09:07, Amila Suriarachchi <am...@wso2.com> wrote: > > > On Tue, Feb 1, 2011 at 2:03 PM, Selvaratnam Uthaiyashankar < > shan...@wso2.com> wrote: > >> AFAIK, we don't store the messages due to efficiency. However, if you >> really need, you can write a custom module to record this information. You >> can engage the handlers before and after security handlers to capture the >> secured message and processed message. >> > > yes that is true. But should this functionality be provided by the carbon > framework. For an example if a user needs non repudiation they should add > some parameter and should be able to view the received messages. > > thanks, > Amila. > > >> >> Regards, >> Shankar >> >> On Tue, Feb 1, 2011 at 12:16 PM, Amila Suriarachchi <am...@wso2.com>wrote: >> >>> hi, >>> >>> I know that Carbon supports WS-Security and that can be used to provide >>> non repudiation. But is there a way to >>> store the secured message (message client has send) with the processed >>> message (after decrypting etc .. ) in order to find >>> the secured message for a given transaction. >>> >>> thanks, >>> Amila. >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> Carbon-dev@wso2.org >>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> >> -- >> S.Uthaiyashankar >> Senior Architect & Senior Manager >> WSO2 Inc. >> http://wso2.com/ - "lean . enterprise . middleware" >> >> _______________________________________________ >> Carbon-dev mailing list >> Carbon-dev@wso2.org >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Paul Fremantle CTO and Co-Founder, WSO2 OASIS WS-RX TC Co-chair, VP, Apache Synapse Office: +44 844 484 8143 Cell: +44 798 447 4618 blog: http://pzf.fremantle.org twitter.com/pzfreo p...@wso2.com wso2.com Lean Enterprise Middleware Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
