[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xmlBlaster security framework available


What is the status of Security Framework, now ?


At 08:09 PM 5/17/01 +0200, Wolfgang Kleinertz wrote:

As earlier announced, a security framework is under developement. Now,
first results are available in a cvs branch called 'security_branch'.

It contains:
 -- 3 new interfaces which must implemented in a
    security plugin:
       - I_SecurityManager
       - I_SessionSecurityContext
       - I_SubjectSecurityContext
    location: org.xmlBlaster.authenticate.
 -- a loader for security plugins:
 -- the new methods init and disconnect which
    replace login and logout (AuthServer)
 -- calls to check the rights, en-/decrypt
    messages, sign/verify signatures ...
 -- a dummy plugin which is used as default.
    It has the same behavior as a usual xmlBlaster
    without security extensions.
 -- init and disconnect extensions in the CORBA
    and RMI protocol handler
    (XML-RPC, etc. are untouched. Thus, they don't
    support init/disconnect up to now!)

An a2Blaster-plugin is also available, but not included, because it
presumes a2Blaster classes ...

Documentation (for administration and plugin developement), tests for
the test-suite, demos ... are in progress an will follow soon.

At this stage, I'm very interested in YOUR experiences regarding
This version *should* work without any changes, neither in sources nor
in the configuration.
I rely on YOUR feedback, to put everything right and merge this with the
main branch as soon as possible!!!

Sure, I'm interested in opinions and further experiences, too. But I
think, it's better to ask for it when documentation etc. is available

I'm waiting for your reports ... :)

Best regards, Wolfgang Kleinertz