Venkata Krishnan wrote:
Hi,

Here's what I am intending to do for the secure-bigbank into which I have
copied over the existing calculator, stockquote and account demos into
secure-bigbank...

Could you commit that? It doesn't have to work, I'm sure it's going to take a few weeks before it does, but that'll allow everybody to take a look.

I'd suggest to have multiple modules similar to the existing module structure and in addition to that split the account module in three (account, savings-accountdata and checking-accountdata) representing different divisions in the bank.


- The Calculator and StockQuote services need to exchange data that cannot
be tampered with since the AccountService heavily 'relies' on their
results.  So interaction with these two services should have 'integrity'.  I
don't think there is a need for authentication or confidentiality for the
interactions with these services.

Yes, makes sense

- The AccountData service is right now accessed only by the AccountService.
I'd like to open this out and put in the following security constraints :-
        - just keep authentication when accessed from the AccountService
locally say over binding.sca
        - enforce authentication, confidentiality and integrity when accessed
from outside say over binding.ws

OK

- Finally the AccountService should enforce authentication, confidentiality
and integrity.

Does this sound ok?


Sounds good. More ideas will probably pop up as the scenario matures, but I can think of two other dimensions to this:

- Use different confidentiality levels between divisions of the bank and communication with the external world.

- Think about the security aspects of the JSP that implements the UI.

--
Jean-Sebastien
