cxf-dev mailing list archives

From Freeman Fang <freeman.f...@gmail.com>
Subject Re: [DISCUSS] - STS framework implementation contribution
Date Fri, 16 Sep 2011 01:22:29 GMT

On 2011-9-16, at 1:07 AM, Daniel Kulp wrote:

>
>
> On Thursday, September 15, 2011 3:27:06 PM Colm O hEigeartaigh wrote:
>> ....
>> In my opinion, this implementation will greatly enhance CXF's security
>> story and will help to drive new users to the product. I would like to
>> ask the CXF community for their opinion on this contribution (+1/-1?).
>
>
> As someone who's been trying to push for this in Talend, I'm obviously +1
> to the idea. This is very similar to the discussion we had back in July [1]
> about moving the WS-Notification stuff from ServiceMix into CXF. Obviously
> no work has been done toward that (yet), but I still support the idea of
> being able to have "out of the box" some of these enterprise level services
> that can make using CXF in more complex environments easier and more
> approachable.
>
>> I would also like to ask for opinions on where it should go in the
>> source - a new services module, or perhaps a subproject?
>
> I personally prefer creating a new "services/sts" directory in cxf/trunk
> to house this. One problem with subprojects is they seem to attract their
> little sub-communities and they end up really being separate from the main
> community. They can languish based on old versions (like our current DOSGi
> issue), not release often enough, etc... I'd just prefer to keep it in
> trunk so it's built and tested with the entirety of CXF. At least for now.
> That's my opinion.
>

+1 to be a new module in trunk

Freeman
> Dan
>
>
> [1]  http://cxf.547215.n5.nabble.com/DISCUSSION-Support-WS-Notification-in-CXF-td4564096.html
>
>
>
> On Thursday, September 15, 2011 3:27:06 PM Colm O hEigeartaigh wrote:
>> All,
>>
>> I would like to initiate a discussion on contributing a STS (Security
>> Token Service) framework implementation to CXF. CXF currently has an
>> STS framework in the ws-security module, and ships with a simple
>> implementation in the examples. Talend would like to contribute a more
>> sophisticated implementation of the STS framework to the community. It
>> supports the following standards:
>>
>> STS support
>>
>> - WS-Trust 1.3/1.4
>> - WS-SecurityPolicy
>>
>> Supports the following mechanisms to authenticate an RST:
>> - UsernameToken
>> - SAML token (1.1/2.0)
>> - KerberosToken
>> - X509 Token
>>
>> Following security bindings are supported:
>> - Symmetric
>> - Asymmetric
>> - Transport
>>
>> Supports Issue/Validate and Cancel binding
>>
>> Can issue the following tokens:
>> - SAML 1.1/2.0
>>      - Holder-Of-Key
>>      - Bearer
>> - custom tokens
>>
>> Issued token can be encrypted
>>
>> Validate binding supports issuing a new token.
>> Custom Validator can be implemented
>>
>> Creation of SAML tokens can be customized:
>> - authenticationstatement
>> - attributestatements
>>
>>
>> Advanced RST elements:
>> - KeyType (Public, Symmetric, Bearer)
>> - Entropy (Symmetric, Public)
>> - OnBehalfOf
>> - ActAs
>> - Claims
>> - SecondaryParameters
>>
>> - Custom ClaimsHandler
>>
>> In my opinion, this implementation will greatly enhance CXF's security
>> story and will help to drive new users to the product. I would like to
>> ask the CXF community for their opinion on this contribution (+1/-1?).
>> I would also like to ask for opinions on where it should go in the
>> source - a new services module, or perhaps a subproject?
>>
>> Colm.
> -- 
> Daniel Kulp
> dkulp@apache.org
> http://dankulp.com/blog
> Talend - http://www.talend.com

---------------------------------------------
Freeman Fang

FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com









