cxf-dev mailing list archives

From Dan Diephouse
Subject Re: WS-SX
Date Mon, 24 Sep 2007 18:26:13 GMT

Fred Dushin wrote:
> So, to summarize:
>  *) I disagree that specification of key material should be done 
> through WSDL and/or WS-Policy; that's not what it's for, and there is 
> a real risk of compromise of security-sensitive information this way
I agree that it's quite dangerous to put the security info in the policy. 
People will start emailing policies around or putting them in their 
repository without the proper security constraints. If there was 
significant simplification from a user's POV in doing this, I would 
probably support it. But as it stands, people are most likely going to 
have a separate policy file and configuration file anyway.
>  *) I am more inclined to view feature-based config as a kind of 
> simplification of policy-based config, and as a potential generator of 
> policy, which makes it complementary to policy, not orthogonal
>  *) I agree that in some small percentage of cases, we need to support 
> configuration of WS-SecurityPolicy directly, and at a low level, but 
> these cases fall below the 20% bar, and can certainly be exposed 
> through low-level config.
I completely agree here with Fred, and I thank him for taking the time 
to write this email which expresses my views better than I could have :-).

I especially would like people to consider the use case of using CXF 
from the API. It's much harder to set up a service to use WS-SX by 
building a policy document than it is to use a Feature.

- Dan

Dan Diephouse
MuleSource
