Um I'm confused Nandana ... I thought our strategy is Rampart2, which *is* policy-aware. Why would we invest anything into WSS4J at this point?
Sanjiva. 2009/6/16 Nandana Mihindukulasooriya <[email protected]> > +1, I also agree that Security Policy stuff should be ideally in WSS4J or > Neethi and eventually we should make WSS4J security policy aware. Both > Rampart and CXF will benefit from that. > > thanks, > Nandana > > On Mon, Jun 15, 2009 at 8:19 PM, Daniel Kulp <[email protected]> wrote: > > > > > Some of you have noticed some discussions on WSCOMMONS-299. I've also > > been > > thinking about some of those issues and I DID have a discussion with Glen > > Daniels at TSSJS about the possibility of starting work on a Neethi 3.0. > > With the comments and stuff on WSCOMMONS-299, it might be time to really > > start > > it. Thus, I'd like to "svn cp" the trunk to a 2.x branch for future > > maintenance and start making trunk 3.0. > > > > Things I'd like tackled for 3.0: > > > > 1) Java 5 - make the collections and everything typed. Use Enums where > > appropriate, etc.... Basically, general cleanup. Also, I see that many > > operations aren't threadsafe due to use of HashMap's with no > > synchronization. > > Possibly fix those with ConcurrentHashMaps or similar. > > > > 2) Better support for the nested policies as described in WSCOMMONS-299. > > > > 3) Change the builders to use XMLStreamReader. The Policies use > > XMLStreamWriter. For consistency, using the reader is preferred. This > > also > > removes Axiom as a dependency making the requirement list smaller. > > > > 4) With (3) fixed, most of the Neethi "fork" we have in CXF can be ported > > back. CXF has a few utilities and such that would be good to push back > and > > then remove from CXF. > > > > 5) Once all of that is done, it would open up the door to allow some more > > "common" Policies objects for standard policies. Some could be in > Neethi > > directly (things like policies objects for WS-Addressing assertions, mtom > > stuff, etc...). Others, like the WS-SecurityPolicy stuff could either > go > > into Neethi or might be better in WSS4J. This could help eliminate a > > BUNCH > > of duplicate code between users of Neethi, particularly CXF and Rampart. > > (maybe if I keep pushing similar code down into commons, we can have a > big > > merger in the future. Acxfis 3? Maybe not. :-) ) > > > > 6) Support for WS-Policy 1.5. > > > > Anyway, if no one really objects to starting the 3.0 work, I'd like to > > create > > the 2.x branch later this week. Thoughts? > > > > BTW: This is also why I STRONGLY am in favor of Neethi staying in commons > > and > > not going to an Axis2 TLP. > > > > -- > > Daniel Kulp > > [email protected] > > http://www.dankulp.com/blog > > > -- Sanjiva Weerawarana, Ph.D. Founder, Director & Chief Scientist; Lanka Software Foundation; http://www.opensource.lk/ Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/ Member; Apache Software Foundation; http://www.apache.org/ Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/ Blog: http://sanjiva.weerawarana.org/
