Sergey Beryozkin wrote:
Hi

A number of CXF users have come across some limitations of its policy engine which prevent them from meeting otherwise expected results.
In particular, what users expect from WS-Policy expressions is to set them up on the server side and have client runtimes reuse them as appropriate.

Two issues are on the top of the list.
1. Policy engine needs to be explicitly enabled - this one should be simple to fix

2. Policies do not automatically get published

There're two cases here.

2.a Java-first development
2.b Contract-first, WSDL is already there, policies are defined elsewhere

For the purpose of publishing policy expressions I'd like to consider the 2 cases to be equivalent.
In both cases an issue of privacy may arise, that is, is a given policy expression safe to be published?

When discussing WS-SecurityPolicy, I thought we agreed in principle that one way to solve the issue of privacy is to not put the sensitive configuration into the policy expressions but into features, and then the runtime would merge the information appropriately. Thus the WSDL Publisher would not be concerned about leaking some sensitive data.

Another approach would be to mark sensitive policy expressions with an attribute like 'private'. There was a concern expressed about solutions like this one.
As far as the actual publication is concerned, I thought it would be a matter of policy components registering themselves as extensors with given WSDL nodes like wsdl:service, wsdl:service/wsdl:ports, etc.

Thoughts ?

I think I agree that we should auto-attach to the WSDL. We should have some sort of blacklisting mechanism though for policy expressions which are private. By default, we should never allow publishing of security info (the user shouldn't have to set private=false, it should just never show). We should also allow the private=false mechanism.

Have you started work on WS-SecPol? I'm still wishing I had some cycles to devote to this...

- Dan

--
Dan Diephouse
MuleSource
http://mulesource.com | http://netzooid.com/blog
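Dan's default-deny proposal above, as an added example that is not part of this thread or of CXF: a Python filter over a constructed WSDL that drops any wsp:Policy marked private="true" (a hypothetical marker attribute, not a WS-Policy or CXF attribute) and hides any policy carrying WS-SecurityPolicy assertions unless the author opted in with private="false".

```python
import xml.etree.ElementTree as ET

# Public namespace URIs for WS-Policy, WS-Security Utility and WS-SecurityPolicy.
WSP_NS = "http://www.w3.org/ns/ws-policy"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP_POLICY = "{" + WSP_NS + "}Policy"
PRIVATE_ATTR = "private"  # hypothetical marker from the thread, not a real attribute

for prefix, uri in {"wsdl": "http://schemas.xmlsoap.org/wsdl/", "wsp": WSP_NS,
                    "wsu": WSU_NS, "sp": SP_NS,
                    "wsam": "http://www.w3.org/2007/05/addressing/metadata"}.items():
    ET.register_namespace(prefix, uri)  # keep readable prefixes in the output

# Constructed sample WSDL: two plain policies, two with WS-SecurityPolicy assertions.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsp="%s" xmlns:wsu="%s" xmlns:sp="%s"
  xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
  <wsp:Policy wsu:Id="AddressingPolicy"><wsam:Addressing/></wsp:Policy>
  <wsp:Policy wsu:Id="SecPolicy"><sp:TransportBinding/></wsp:Policy>
  <wsp:Policy wsu:Id="ExplicitPrivate" private="true"><wsam:Addressing/></wsp:Policy>
  <wsp:Policy wsu:Id="SharedSecPolicy" private="false"><sp:TransportBinding/></wsp:Policy>
  <wsdl:service name="Svc"/>
</wsdl:definitions>""" % (WSP_NS, WSU_NS, SP_NS)


def is_private(policy):
    """Explicit marker wins; otherwise any WS-SecurityPolicy assertion means hidden."""
    marker = policy.get(PRIVATE_ATTR)
    if marker is not None:
        return marker.strip().lower() != "false"
    return any(el.tag.startswith("{" + SP_NS + "}") for el in policy.iter())


def filter_published_wsdl(wsdl_xml):
    """Return (published WSDL text, wsu:Id list of policies withheld)."""
    root = ET.fromstring(wsdl_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    doomed = [p for p in root.iter(WSP_POLICY) if is_private(p)]
    removed_ids = []
    for policy in doomed:
        anc = parent_of.get(policy)  # skip nested policies already going away
        while anc is not None and anc not in doomed:
            anc = parent_of.get(anc)
        if anc is not None:
            continue
        removed_ids.append(policy.get("{" + WSU_NS + "}Id"))
        parent_of[policy].remove(policy)
    return ET.tostring(root, encoding="unicode"), removed_ids
```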
