Return-Path: X-Original-To: apmail-ws-dev-archive@www.apache.org Delivered-To: apmail-ws-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 00C2F9FD4 for ; Mon, 14 Nov 2011 13:03:52 +0000 (UTC) Received: (qmail 2266 invoked by uid 500); 14 Nov 2011 13:03:52 -0000 Delivered-To: apmail-ws-dev-archive@ws.apache.org Received: (qmail 2087 invoked by uid 500); 14 Nov 2011 13:03:52 -0000 Mailing-List: contact dev-help@ws.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ws.apache.org Delivered-To: mailing list dev@ws.apache.org Received: (qmail 2077 invoked by uid 99); 14 Nov 2011 13:03:52 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Nov 2011 13:03:52 +0000 Received: from localhost (HELO mail-qw0-f42.google.com) (127.0.0.1) (smtp-auth username coheigea, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Nov 2011 13:03:51 +0000 Received: by qabg40 with SMTP id g40so2466830qab.1 for ; Mon, 14 Nov 2011 05:03:50 -0800 (PST) MIME-Version: 1.0 Received: by 10.224.30.208 with SMTP id v16mr5679641qac.54.1321275830760; Mon, 14 Nov 2011 05:03:50 -0800 (PST) Reply-To: coheigea@apache.org Received: by 10.224.47.129 with HTTP; Mon, 14 Nov 2011 05:03:50 -0800 (PST) In-Reply-To: <3099643.rmaH95U1Gh@dilbert.dankulp.com> References: <20111110200248.40530977@mgi.gigerstyle.ch> <3099643.rmaH95U1Gh@dilbert.dankulp.com> Date: Mon, 14 Nov 2011 13:03:50 +0000 Message-ID: Subject: Re: PROPOSAL to merge Rampart, CXF, swssf AssertionBuilder and Assertion classes From: Colm O hEigeartaigh To: dev@ws.apache.org Cc: Marc Giger Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable > My ONLY concern is that the CXF model has come a long way in the last cou= ple > years. It supports a lot of other token types and custom algorithm thing= s and > such that the rampart model doesn't. Thus, we'll definitely need to go > through the CXF model and find the updates and fixes. Either that, or s= tart > with the CXF model, not the Rampart one, since the CXF model should be > completely Neethi3, DOM based, etc.... and pretty much meets all the same > requirements you listed. I agree with this. Why not just use the CXF model instead, given that it meets the requirements? Colm. On Fri, Nov 11, 2011at 6:53 PM, Daniel Kulp wrote: > >> I agree [ =A0 x =A0] > > > I definitely agree with the idea. =A0 If you look back at the Neethi 3 > discussions, this was one of my primary motivations for the changes in Ne= ethi > 3. =A0 =A0It allows creating policy models that are more re-usable. > > My ONLY concern is that the CXF model has come a long way in the last cou= ple > years. =A0It supports a lot of other token types and custom algorithm thi= ngs and > such that the rampart model doesn't. =A0 Thus, we'll definitely need to g= o > through the CXF model and find the updates and fixes. =A0 Either that, or= start > with the CXF model, not the Rampart one, since the CXF model should be > completely Neethi3, DOM based, etc.... and pretty much meets all the same > requirements you listed. > > Dan > > > > > On Thursday, November 10, 2011 8:02:48 PM Marc Giger wrote: >> Dear WS-devs, >> >> At the moment there are at least 4 AssertionBuilder and 3 Assertion clas= ses >> per WS-Security-Policy-Assertion. The original Rampart ones, the CXF one= s >> lent by rampart and my classes (swssf) lent by Rampart. All of you, whic= h >> did contribute to the policy implementations, know how much time it take= s >> to implement it and how complicated it can be. >> >> The attached patch is a first try/draft/proposal to to get rid of this >> overhead so that we can use a common code base. It is of course not >> intended for inclusion but to start a discussion about requirements. >> >> The provided patch should show you >> - the support of neested policies and its normalization (attached is a >> sample policy in compact form and its normalized version which was >> normalized with the code in the patch) - the simplification of the multi= ple >> Policy-Versions handling >> - generic (simple) method and class to do the final assert of an alterna= tive >> >> The axis/rampart developers will note that the builders are using the >> W3C-DOM implementation instead of the axiom framework. The rationale is >> that no additional dependencies are needed, DOM is an official standard = and >> we aren't in a "hot-path" (Normally the policy will be build once during >> the whole runtime). So, this shouldn't be a big deal. >> >> There is an alternative to the proposed concept. Build the policy withou= t >> the builders and call the concrete builders during normalization or duri= ng >> other structural changes. The primitive assertion objects can be hold >> behind the scene to allow structural changes all the time. >> >> Before I invest more time I want to make sure the asf-dev-community is i= n >> favor and the result will be accepted. >> >> What do you think? >> >> I agree [ ] >> I disagree [ ] >> I don't care [ ] >> What do you want?, it is perfect as it is! [ ] >> >> I'm willing to help [ ] >> >> Comments/notes/concerns/objections/ideas? >> >> Please share your opinion! >> >> Thanks >> >> Marc > -- > Daniel Kulp > dkulp@apache.org > http://dankulp.com/blog > Talend - http://www.talend.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org > For additional commands, e-mail: dev-help@ws.apache.org > > --=20 Colm O hEigeartaigh Talend Community Coder http://coders.talend.com --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org For additional commands, e-mail: dev-help@ws.apache.org