Please find my comments inline.
-Original Message-
From: Guillaume Nodet [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 25, 2006 10:45 AM
To: servicemix-dev@geronimo.apache.org
Subject: Re: ServiceMix and security
The main problem of using a JBI component to provide security is that
agement.
>
> Hossam
>
>
> -Original Message-
> From: Guillaume Nodet [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 19, 2006 2:57 AM
> To: servicemix-dev@geronimo.apache.org
> Subject: ServiceMix and security
>
> One of the important feature ServiceMi
On 4/19/06, Dain Sundstrom <[EMAIL PROTECTED]> wrote:
> On Apr 19, 2006, at 10:40 AM, Bruce Snyder wrote:
>
> > On 4/18/06, Hossam Karim <[EMAIL PROTECTED]> wrote:
> >> Just thinking:
> >> - Security is a service
> >> - A component installed inside SM can support a SM specific security
> >> contrac
I believe that the Subject should be used in some way to carry the
WS-Security envelope information. Then, some authentication mechanism is
responsible to check each message/invocation against the destination
endpoint policy. Each JBI component that has security requirements must
declare the polic
management.
Hossam
-Original Message-
From: Guillaume Nodet [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 19, 2006 2:57 AM
To: servicemix-dev@geronimo.apache.org
Subject: ServiceMix and security
One of the important feature ServiceMix does not address yet is security.
I' m not r
I think we need to separate security into a number of categories:
1) protecting the content (confidentiality and integrity)
2) authentication
3) authorization
4) auditing
5) single sign-on
So these can be applied at several levels -- the transport from
outside to binding component, the invocation
