cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r820888 - in /websites/production/cxf/content: cache/main.pageCache fediz-architecture.data/ fediz-architecture.data/Fediz_Detailed.png fediz-architecture.data/Fediz_Highlevel.png fediz-architecture.html fediz.html
Date Fri, 08 Jun 2012 22:47:50 GMT
Author: buildbot
Date: Fri Jun  8 22:47:50 2012
New Revision: 820888

Log:
Production update by buildbot for cxf

Added:
    websites/production/cxf/content/fediz-architecture.data/
    websites/production/cxf/content/fediz-architecture.data/Fediz_Detailed.png   (with props)
    websites/production/cxf/content/fediz-architecture.data/Fediz_Highlevel.png   (with props)
    websites/production/cxf/content/fediz-architecture.html
Modified:
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/fediz.html

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/cxf/content/fediz-architecture.data/Fediz_Detailed.png
==============================================================================
Binary file - no diff available.

Propchange: websites/production/cxf/content/fediz-architecture.data/Fediz_Detailed.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: websites/production/cxf/content/fediz-architecture.data/Fediz_Highlevel.png
==============================================================================
Binary file - no diff available.

Propchange: websites/production/cxf/content/fediz-architecture.data/Fediz_Highlevel.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: websites/production/cxf/content/fediz-architecture.html
==============================================================================
--- websites/production/cxf/content/fediz-architecture.html (added)
+++ websites/production/cxf/content/fediz-architecture.html Fri Jun  8 22:47:50 2012
@@ -0,0 +1,246 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+  <head>
+    <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+    <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+    
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture,
web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support,
integration standards, application integration, middleware, software, solutions, services,
CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - Fediz Architecture">
+    <title>
+Apache CXF -- Fediz Architecture
+    </title>
+  </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td id="cell-0-0" colspan="2">&nbsp;</td>
+    <td id="cell-0-1">&nbsp;</td>
+    <td id="cell-0-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-1-0">&nbsp;</td>
+    <td id="cell-1-1">&nbsp;</td>
+    <td id="cell-1-2">
+      <div style="padding: 5px;">
+        <div id="banner">
+          <!-- Banner -->
+<div id="banner-content">
+<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left"
colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight:
bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Software Foundation"><img
border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table>
+</div>
+          <!-- Banner -->
+        </div>
+      </div>
+      <div id="top-menu">
+        <table border="0" cellpadding="1" cellspacing="0" width="100%">
+          <tr>
+            <td>
+              <div align="left">
+                <!-- Breadcrumbs -->
+<a href="index.html">Index</a>&nbsp;&gt;&nbsp;<a href="fediz.html">Fediz</a>&nbsp;&gt;&nbsp;<a
href="fediz-architecture.html">Fediz Architecture</a>
+                <!-- Breadcrumbs -->
+              </div>
+            </td>
+            <td>
+              <div align="right">
+                <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="download.html" title="Download">Download</a>
| <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+                <!-- Quicklinks -->
+              </div>
+            </td>
+          </tr>
+        </table>
+      </div>
+    </td>
+    <td id="cell-1-3">&nbsp;</td>
+    <td id="cell-1-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-2-0" colspan="2">&nbsp;</td>
+    <td id="cell-2-1">
+      <table>
+        <tr valign="top">
+          <td height="100%">
+            <div id="wrapper-menu-page-right">
+              <div id="wrapper-menu-page-top">
+                <div id="wrapper-menu-page-bottom">
+                  <div id="menu-page">
+                    <!-- NavigationBar -->
+<div id="navigation"><h3><a shape="rect" name="Navigation-ApacheCXFIndex"></a><a
shape="rect" href="index.html" title="Index">Apache CXF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="index.html"
title="Index">Home</a></li><li><a shape="rect" href="download.html"
title="Download">Download</a></li><li><a shape="rect" href="people.html"
title="People">People</a></li><li><a shape="rect" href="project-status.html"
title="Project Status">Project Status</a></li><li><a shape="rect"
href="roadmap.html" title="Roadmap">Roadmap</a></li><li><a shape="rect"
href="mailing-lists.html" title="Mailing Lists">Mailing Lists</a></li><li><a
shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/CXF">Issue
Reporting</a></li><li><a shape="rect" href="special-thanks.html" title="Special
Thanks">Special Thanks</a></li><li><a shape="rect" class="external-link"
href="http://www.apache.org/licenses/">License</a></li><li><a shape="rect"
href="security-advisories.html" title="Security Advisories">Security Advisories</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Users"></a>Users</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/index.html">User's
Guide</a></li><li><a shape="rect" href="support.html" title="Support">Support</a></li><li><a
shape="rect" href="faq.html" title="FAQ">FAQ</a></li><li><a shape="rect"
href="resources-and-articles.html" title="Resources and Articles">Resources and Articles</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Search"></a>Search</h3>
+
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
+  <div>
+    <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+    <input type="hidden" name="ie" value="UTF-8">
+    <input type="text" name="q" size="21">
+    <input type="submit" name="sa" value="Search">
+  </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
+
+
+<h3><a shape="rect" name="Navigation-Developers"></a>Developers</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/docs/cxf-architecture.html">Architecture
Guide</a></li><li><a shape="rect" href="source-repository.html" title="Source
Repository">Source Repository</a></li><li><a shape="rect" href="building.html"
title="Building">Building</a></li><li><a shape="rect" href="automated-builds.html"
title="Automated Builds">Automated Builds</a></li><li><a shape="rect"
href="testing-debugging.html" title="Testing-Debugging">Testing-Debugging</a></li><li><a
shape="rect" href="coding-guidelines.html" title="Coding Guidelines">Coding Guidelines</a></li><li><a
shape="rect" href="getting-involved.html" title="Getting Involved">Getting Involved</a></li><li><a
shape="rect" href="release-management.html" title="Release Management">Release Management</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Subprojects"></a>Subprojects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="distributed-osgi.html"
title="Distributed OSGi">Distributed OSGi</a></li><li><a shape="rect"
href="xjc-utils.html" title="XJC Utils">XJC Utils</a></li><li><a shape="rect"
href="build-utils.html" title="Build Utils">Build Utils</a></li><li><a
shape="rect" href="fediz.html" title="Fediz">Fediz</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ASF"></a><a shape="rect" class="external-link"
href="http://www.apache.org">ASF</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link"
href="http://www.apache.org/foundation/how-it-works.html">How Apache Works</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/">Foundation</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsor
Apache</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li><li><a
shape="rect" class="external-link" href="http://www.apache.org/security/">Security</a></li></ul>
+</div>
+                    <!-- NavigationBar -->
+                  </div>
+              </div>
+            </div>
+          </div>
+         </td>
+         <td height="100%">
+           <!-- Content -->
+           <div class="wiki-content">
+<div id="ConfluenceContent"><h1><a shape="rect" name="FedizArchitecture-FedizArchitecture"></a>Fediz
Architecture</h1>
+<p>This page describes the security architecture for WS-Federation and the message
flow between the components in detail.<br clear="none">
+The scope of Fediz is illustrated in the next section.</p>
+
+<h3><a shape="rect" name="FedizArchitecture-WSFederationDesign"></a>WS-Federation
Design</h3>
+
+<p>The following picture illustrates the main components of a Web Single Sign On (SSO)
solution based on WS-Federation (Passive Requestor Profile). The Web Application is part of
the Relying Party (RP) side whereas the Identity Provider (IDP/STS) is the central security
server that is responsible to authenticate clients and issue security tokens based on the
requirements by the RP.<br clear="none">
+The IDP component leverages the STS capabilities to issue all sorts of security tokens.<br
clear="none">
+An browser first access the Web Application (RP) which redirects the browser to the IDP as
the requestor is not authenticated. The IDP authenticates the user and requests a security
token based on the requirements by the RP. The security token is "redirected" to the RP which
validates the token and creates a session in the RP.</p>
+
+
+<p><span class="image-wrap" style="display: block; text-align: center"><img
src="fediz-architecture.data/Fediz_Highlevel.png" style="border: 0px solid black"></span></p>
+
+
+<p>Fediz provides the following components to implement Web SSO based on WS-Federation
(red background):</p>
+<ul><li><b>Federation Plugin for RP</b><br clear="none">
+The plugin consists of two Fediz libraries. The core processing logic is within a container
independent library. In addition, a library is provided for each container to adapt the core
library to the container specific security API.</li></ul>
+
+
+<ul><li><b>IDP / STS</b><br clear="none">
+The IDP / STS leverages the Apache CXF STS. Fediz ships a fully configured IDP where users/claims
are managed in files. The IDP can be configured to integrate an LDAP directory.</li></ul>
+
+
+<ul><li><b>Examples</b><br clear="none">
+Fediz ships examples to illustrate how to protect a web application.</li></ul>
+
+
+
+<h3><a shape="rect" name="FedizArchitecture-WSFederationMessageflow"></a>WS-Federation
Message flow</h3>
+
+<p>This section describes and illustrates the message flow between the browser and
the application and IDP in more detail.</p>
+
+
+<p><span class="image-wrap" style="display: block; text-align: center"><img
src="fediz-architecture.data/Fediz_Detailed.png" style="border: 0px solid black"></span></p>
+
+
+<p>The browser accesses the web application (1). It is then redirected to IDP/STS if
no token or cookie is supplied in the request (2). This redirection process may require prompting
the user (3) to authenticate himself (4). The IDP/STS issues a signed SAML 2.0 security token
(WS-Federation doesn&#8217;t mandate SAML). The IDP "redirects" (5/6) the user to the
application server including the SAML token. The application server verifies the signature
of the SAML token. There is a trust relationship between the application server and the IDP/STS
which doesn't require network connectivity between the application server and the IDP/STS
(Cloud!). After successful validation, a session is created and the corresponding cookie is
set on the browser (7). Finally, the request is dispatched to the application.</p>
+
+<p>As an extension to the description above, step 2 might contain specific claims requested
by the application such as role, username, full name, email address, sales organization, etc.
which are gathered by the STS.</p>
+
+<p>Requirements of the Web Application are described in the WS-Federation Metadata
document.</p>
+
+
+<h3><a shape="rect" name="FedizArchitecture-Components"></a>Components</h3>
+
+<h5><a shape="rect" name="FedizArchitecture-WSTrustSecurityTokenService%28STS%29"></a>WS-Trust
Security Token Service (STS)</h5>
+<p>The <a shape="rect" class="external-link" href="http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/os/ws-trust-1.4-spec-os.html"
rel="nofollow">WS-Trust OASIS standard</a> specifies a runtime component called Security
Token Service. A service consumer requests a security token from the STS which is sent to
the service provider. Either the service provider can validate the security token on its own
or sends a request to the STS for validation. This pattern is based on an indirect trust relationship
between the service provider and the STS instead of a direct trust between the service provider
and service consumer. As long as the service consumer is in the possession of a security token
issued by a trusted STS, the service provider accepts this security token.</p>
+
+<p>A key benefit of the STS is the reduced complexity for applications. A web service
consumer doesn't have to know how to create the various types of security tokens its service
providers require. Instead, it sends a request to the STS containing the requirements of the
client and the service provider and attaches the returned security token to the outgoing SOAP
message to the service provider.<br clear="none">
+One service provider could require a SAML 1.1 token, another SAML 2.0 token and another custom
binary security token. The service consumer doesn't have to understand SAML 1.1, SAML 2.0
or the custom binary security token. All he has to do is grab the returned token from the
STS and attach it to the message. Thus, you can reduce the complexity in your application
and move it to a centralized component.<br clear="none">
+A web service consumer requests tokens from an STS if the service provider defines an IssuedToken
assertion in its security policy. This policy can contain some additional information like
the address of the STS, token type, claims, etc.</p>
+
+<h5><a shape="rect" name="FedizArchitecture-Identityprovider%28IDP%29"></a>Identity
provider (IDP)</h5>
+<p>The security model of the STS builds on the foundation established by WS-Security
and WS-Trust. The primary issue for Web browsers is that there is no easy way to directly
send web service (SOAP) requests. Consequently, the processing must be performed within the
confines of the base HTTP 1.1 functionality (GET, POST, redirects, and cookies) and conform
as closely as possible to the WS-Trust protocols for token acquisition.</p>
+
+<h3><a shape="rect" name="FedizArchitecture-ClaimsbasedAccessControl"></a>Claims
based Access Control</h3>
+<p>A claim is a statement made about a client. The concept of claim is described in
the WS-Trust specification. Claims information of an authenticated subject can ba carried
in a Attribute Statement of a SAML token even WS-Trust doesn't mandate the usage of SAML token
to carry this information.<br clear="none">
+Role based Access Control (RBAC) is a subet of Claims based Access Control. The roles of
a user/subject is just a claim statement.</p>
+
+<h3><a shape="rect" name="FedizArchitecture-ResourceandRequestorIDP"></a>Resource
and Requestor IDP</h3>
+</div>
+           </div>
+           <!-- Content -->
+         </td>
+        </tr>
+      </table>
+   </td>
+   <td id="cell-2-2" colspan="2">&nbsp;</td>
+  </tr>
+  <tr>
+   <td id="cell-3-0">&nbsp;</td>
+   <td id="cell-3-1">&nbsp;</td>
+   <td id="cell-3-2">
+     <div id="footer">
+       <!-- Footer -->
+       <div id="site-footer">
+         <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a>
- 
+         (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27849062">edit
page</a>) 
+	 (<a href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Architecture?showComments=true&amp;showCommentArea=true#addcomment">add
comment</a>)<br>
+	Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+        All other marks mentioned may be trademarks or registered trademarks of their respective
owners.
+       </div>
+       <!-- Footer -->
+     </div>
+   </td>
+   <td id="cell-3-3">&nbsp;</td>
+   <td id="cell-3-4">&nbsp;</td>
+  </tr>
+  <tr>
+    <td id="cell-4-0" colspan="2">&nbsp;</td>
+    <td id="cell-4-1">&nbsp;</td>
+    <td id="cell-4-2" colspan="2">&nbsp;</td>
+  </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+
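Review bot: the last section of the new page, `<h3><a shape="rect" name="FedizArchitecture-ResourceandRequestorIDP"></a>Resource and Requestor IDP</h3>`, is published with no body text at all, so the production page ends on an empty heading; either hold the heading back until the text exists or add at least a one-line stub. The narrative also ships several typos a reader will trip over: "An browser first access the Web Application" should read "A browser first accesses the Web Application"; "can ba carried in a Attribute Statement of a SAML token even WS-Trust doesn't mandate" should be "can be carried in an Attribute Statement of a SAML token even though WS-Trust doesn't mandate"; and "is a subet of Claims based Access Control. The roles of a user/subject is just a claim statement" should be "is a subset of Claims based Access Control. The roles of a user/subject are just claim statements". Separately, `site.css`, `space.js` and the `cse/brand` script are loaded over absolute `http://` URLs (the analytics loader already switches scheme based on `document.location.protocol`), which will trigger mixed-content blocking once the page is served over HTTPS and leaves those assets modifiable in transit; switching them to `https://` or scheme-relative `//` URLs avoids both.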

Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Fri Jun  8 22:47:50 2012
@@ -156,7 +156,7 @@ Apache CXF -- Fediz
 <ul><li>Support for Jetty and JBoss</li><li>CXF plugin</li><li>Support
for encrypted SAML tokens</li><li>Support for Holder-Of-Key SubjectConfirmationMethod</li><li>"Resource
IDP" support for Fediz IDP</li><li>support for other protocols like SAML-P, OAuth</li></ul>
 
 
-<p>You can get the current status of the issues <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/FEDIZ">here </a>.</p>
+<p>You can get the current status of the enhancements <a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/FEDIZ">here </a>.</p>
 
 <h2><a shape="rect" name="Fediz-Gettingstarted"></a>Getting started</h2>
 
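Review bot: the wording change from "issues" to "enhancements" matches the feature wish-list immediately above it, but the replacement line keeps the stray space inside the anchor text (`here </a>`), which renders as a trailing underlined blank; while this line is being touched, tighten it to `here</a>` and consider descriptive link text such as "in the FEDIZ JIRA" instead of "here".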


