cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject [DISCUSS] - STS framework implementation contribution
Date Thu, 15 Sep 2011 14:27:06 GMT
All,

I would like to initiate a discussion on contributing a STS (Security
Token Service) framework implementation to CXF. CXF currently has an
STS framework in the ws-security module, and ships with a simple
implementation in the examples. Talend would like to contribute a more
sophisticated implementation of the STS framework to the community. It
supports the following standards:

STS support

- WS-Trust 1.3/1.4
- WS-SecurityPolicy

Supports the following mechanism to authenticate an RST:
- UsernameToken
- SAML token (1.1/2.0)
- KerberosToken
- X509 Token

Following security bindings are supported:
- Symmetric
- Asymmetric
- Transport

Supports Issue/Validate and Cancel binding

Can issue the following tokens:
- SAML 1.1/2.0
      - Holder-Of-Key
      - Bearer
- custom tokens

Issued token can be encrypted

Validate binding supports issuing a new token.
Custom Validator can be implemented

Creation of SAML tokens can be customized:
- authenticationstatement
- attributestatements


Advanced RST elements:
- KeyType (Public, Symmetric, Bearer)
- Entropy (Symmetric, Public)
- OnBehalfOf
- ActAs
- Claims
- SecondaryParameters

- Custom ClaimsHandler

In my opinion, this implementation will greatly enhance CXF's security
story and will help to drive new users to the product. I would like to
ask the CXF community for their opinion on this contribution (+1/-1?).
I would also like to ask for opinions on where it should go in the
source - a new services module, or perhaps a subproject?

Colm.


-- 
Colm O hEigeartaigh

http://coheigea.blogspot.com/
Talend - http://www.talend.com

Mime
View raw message