Security policy- participation in existing security context
-----------------------------------------------------------

                 Key: TUSCANY-1666
                 URL: https://issues.apache.org/jira/browse/TUSCANY-1666
             Project: Tuscany
          Issue Type: New Feature
          Components: Java SCA Core Runtime
    Affects Versions: Java-SCA-Next
         Environment: General
            Reporter: haleh mahbod


Content of this JIRA is based on this email thread from Jeff Anderson 
(Deloitte):

http://www.mail-archive.com/[EMAIL PROTECTED]/msg01683.html

Description of the requirement:

Would like to be able to specify participation in an existing security 
context, much like the mechanisms provided by WS-Security, WS-secconv, and 
related specifications.  However, current implementations of Web services 
stacks make it difficult to evolve a local component to a true web service and 
back again without having to follow a completely different security model.  We 
believe Tuscany to be an excellent location to access a policy-driven framework 
that allows us to specify security requirements of the service either using 
annotations, SCDL configuration, or some other method.  SOAP headers, or local 
security context, could interact with the security policy dependent on each of 
the SCA bindings used to wire together the various services.

Some examples could be the use of a @Fedactive annotation to declare that a 
service is capable of issuing messages containing security tokens such as those 
described by WS-Security and WS-Trust.  Within a local binding, the annotation 
could still declare a need for the service to issue explicit security tokens, 
although the token may be passed using a different mechanism.

It would be ideal to have this model follow a more framework approach, with an 
explicitly defined plug-in architecture allowing third-party vendors to 
integrate Tuscany into their own vendor suite.


-- 
This message is automatically generated by JIRA.