I'd like to dig up this old post in order to debate the topic of identity. More specifically what can be done to identify a consumer of a service provided by Camel, and then filter what this principal is allowed to see? Sounds like the JAAS domain but I've not yet got my head around how this should be applied to Camel provider endpoints. Any thoughts?
On one of the other questions: cmoulliard wrote: > > - Authorize client to use services onto the bus. This point is probably > out of scope for Camel but it should be interesting also to have a > processor allowing to verify that the client can use or not a service > (like ftom().authorize()). You can argue that we can achieve this by > intercepting the data transfer and check all the security stuff outside of > camel or servicemix using Tivoli or equivalent solutions. > This can be done with AMQ at least - see my blog on authentication/authorisation: http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html -- View this message in context: http://www.nabble.com/Is-security-support-planned-%28JAAS%2C-ACEGI%2C-...%29-tp16561887p22713394.html Sent from the Camel - Users (activemq) mailing list archive at Nabble.com.
