cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin" <>
Subject Automatic publication of ws-policy expressions
Date Thu, 20 Dec 2007 18:08:02 GMT

A number of CXF users have come across some limitations of its policy engine which prevent
them from
meeting otherwise expected results.
Particularly, what users expect from WS-Policy expressions is to set them up on the server
side and have client runtimes reuse them as appropriate.

Two issues are on the top of the list.
1. Policy engine needs to be explicitly enabled - this one should be simple to fix

2. Policies do not automatically get published

There're two cases here.

2.a Java-first development
2.b Contract-first, WSDL is already there, policy are defined elsewehere

For the purpose of the publication policy expressions I'd like to consider 2 cases be equivalent.
In both case an issue of privacy may arise, that is, is a given policy expression is safe
to be published ?

When discussinf WS-SecurityPolicy, I thought we agreed in principle that one way to solve
the issue of privacy is to
not put the sensitive configuration into the policy expressions but into features and then
the runtime would merge the information appropriately. Thus the WSDL Publisher would not be
concerned about leaking some sensitive data.

Another approach would be to mark sensitive policy expressions with an attribute like 'private'.
There was a concern expressed about solutions like this one. 

As far as the actual publication is concerned, I thought it would be a matter of policy components
registering themselves as extensors with given WSDL nodes like wsdl:service, wsdl:service/wsdl:ports,

Thoughts ?

Thanks, Sergey

IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message