cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: [DISCUSS] - STS framework implementation contribution
Date Tue, 20 Sep 2011 10:55:40 GMT
Ok cool. It sounds like people are happy with this contribution. I'll
add an initial version into a new services module on trunk.

Colm.

On Fri, Sep 16, 2011 at 3:23 AM, Willem Jiang <willem.jiang@gmail.com> wrote:
> +1 for introducing a services module to house these kinds of services, which
> are based on CXF and can be used out of the box :)
>
> It could be helpful for the user to use this kind of Enterprise service more
> easily.
>
> On 9/16/11 1:07 AM, Daniel Kulp wrote:
>>
>>
>> On Thursday, September 15, 2011 3:27:06 PM Colm O hEigeartaigh wrote:
>>>
>>> ....
>>> In my opinion, this implementation will greatly enhance CXF's security
>>> story and will help to drive new users to the product. I would like to
>>> ask the CXF community for their opinion on this contribution (+1/-1?).
>>
>>
>> As someone who's been trying to push for this in Talend, I'm obviously +1
>> to the idea. This is very similar to the discussion we had back in July
>> [1] about moving the WS-Notification stuff from ServiceMix into CXF.
>> Obviously no work has been done toward that (yet), but I still support the
>> idea of being able to have "out of the box" some of these enterprise level
>> services that can make using CXF in more complex environments easier and
>> more approachable.
>>
>>> I would also like to ask for opinions on where it should go in the
>>> source - a new services module, or perhaps a subproject?
>>
>> I personally prefer creating a new "services/sts" directory in cxf/trunk
>> to house this. One problem with subprojects is they seem to attract their
>> little sub-communities and they end up really being separate from the main
>> community. They can languish based on old versions (like our current DOSGi
>> issue), not release often enough, etc... I'd just prefer to keep it in
>> trunk so it's built and tested with the entirety of CXF. At least for now.
>> That's my opinion.
>>
>> Dan
>>
>>
>> [1]
>>  http://cxf.547215.n5.nabble.com/DISCUSSION-Support-WS-Notification-in-CXF-td4564096.html
>>
>>
>>
>> On Thursday, September 15, 2011 3:27:06 PM Colm O hEigeartaigh wrote:
>>>
>>> All,
>>>
>>> I would like to initiate a discussion on contributing a STS (Security
>>> Token Service) framework implementation to CXF. CXF currently has an
>>> STS framework in the ws-security module, and ships with a simple
>>> implementation in the examples. Talend would like to contribute a more
>>> sophisticated implementation of the STS framework to the community. It
>>> supports the following standards:
>>>
>>> STS support
>>>
>>> - WS-Trust 1.3/1.4
>>> - WS-SecurityPolicy
>>>
>>> Supports the following mechanisms to authenticate an RST:
>>> - UsernameToken
>>> - SAML token (1.1/2.0)
>>> - KerberosToken
>>> - X509 Token
>>>
>>> Following security bindings are supported:
>>> - Symmetric
>>> - Asymmetric
>>> - Transport
>>>
>>> Supports Issue/Validate and Cancel binding
>>>
>>> Can issue the following tokens:
>>> - SAML 1.1/2.0
>>>       - Holder-Of-Key
>>>       - Bearer
>>> - custom tokens
>>>
>>> Issued token can be encrypted
>>>
>>> Validate binding supports issuing a new token.
>>> Custom Validator can be implemented
>>>
>>> Creation of SAML tokens can be customized:
>>> - authenticationstatement
>>> - attributestatements
>>>
>>>
>>> Advanced RST elements:
>>> - KeyType (Public, Symmetric, Bearer)
>>> - Entropy (Symmetric, Public)
>>> - OnBehalfOf
>>> - ActAs
>>> - Claims
>>> - SecondaryParameters
>>>
>>> - Custom ClaimsHandler
>>>
>>> In my opinion, this implementation will greatly enhance CXF's security
>>> story and will help to drive new users to the product. I would like to
>>> ask the CXF community for their opinion on this contribution (+1/-1?).
>>> I would also like to ask for opinions on where it should go in the
>>> source - a new services module, or perhaps a subproject?
>>>
>>> Colm.
>
>
> --
> Willem
> ----------------------------------
> FuseSource
> Web: http://www.fusesource.com
> Blog:    http://willemjiang.blogspot.com (English)
>         http://jnn.javaeye.com (Chinese)
> Twitter: willemjiang
> Weibo: willemjiang
>



-- 
Colm O hEigeartaigh

http://coheigea.blogspot.com/
Talend - http://www.talend.com
