Hi, I have put together a simple consumer, Camel (acting as intermediary) and provider. CXF+WSS4J provide the basis. Identity is delivered with SAML and extracted into the exchange (available to Camel components). On the to-do list is putting together authorization based on PERMIS. In principle: service name, operation name, and client identity serve as a basis for the authorization decision.
--pawel

On Thu, Mar 26, 2009 at 12:57 AM, huntc <hu...@mac.com> wrote:
>
> I'd like to dig up this old post in order to debate the topic of identity.
> More specifically what can be done to identify a consumer of a service
> provided by Camel, and then filter what this principal is allowed to see?
> Sounds like the JAAS domain but I've not yet got my head around how this
> should be applied to Camel provider endpoints. Any thoughts?
>
> On one of the other questions:
>
>
> cmoulliard wrote:
>>
>> - Authorize client to use services onto the bus. This point is probably
>> out of scope for Camel but it should be interesting also to have a
>> processor allowing to verify that the client can use or not a service
>> (like from().authorize()). You can argue that we can achieve this by
>> intercepting the data transfer and check all the security stuff outside of
>> camel or servicemix using Tivoli or equivalent solutions.
>>
> This can be done with AMQ at least - see my blog on
> authentication/authorisation:
>
> http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html
>
> --
> View this message in context:
> http://www.nabble.com/Is-security-support-planned-%28JAAS%2C-ACEGI%2C-...%29-tp16561887p22713394.html
> Sent from the Camel - Users (activemq) mailing list archive at Nabble.com.
>
>

-- pawel