OpenEngSB
  1. OpenEngSB
  2. OPENENGSB-1717

OpenEngSB Ports configuration have to support service filtering and unsecure queues

    Details

      Description

      Since ppl start using the remote service implementations in 1.2.x they're using unsecure services. First of all we need to provide that (optional) feature to allow a smooth transition from 1.2.x to 1.3.x. In addition we have the following situation. In real world applications there are services which require security (because of e.g. critical data) and services which do not (e.g. timeService). Though, it should NEVER be allowed to call some methods over the unsecure connection. This means that we have to allow to configure various access-points and in addition allow to define which services are allowed to be call. This should happen somehow like: base configuration opt-in except ... and opt-out except. This would make it easy to allow to configure a system where you can call every service via the secure interfaces by default and none in the unsecure. Then you can add services allowed to be called in the unsecure interface

        Gliffy Diagrams

          Issues in Epic

          There are no issues in this epic.

          Error rendering 'com.meetme.plugins.jira.gerrit-plugin:gerritreviewsmodule'. Please contact your JIRA administrators.

            Activity

            Hide
            Christoph Gritschenberger added a comment -

            Maybe we could introduce some kind of rating-system.
            Every port exports a "security-level"-property. Services may export a "minimum-security-level"-property.
            It has to be made sure, that only ports with sufficient security-level call the services
            WDYT?

            Show
            Christoph Gritschenberger added a comment - Maybe we could introduce some kind of rating-system. Every port exports a "security-level"-property. Services may export a "minimum-security-level"-property. It has to be made sure, that only ports with sufficient security-level call the services WDYT?
            Hide
            Andreas Pieber added a comment -

            sounds definitely good; though some reasonable default settings may not hurt

            Show
            Andreas Pieber added a comment - sounds definitely good; though some reasonable default settings may not hurt
            Hide
            Christoph Gritschenberger added a comment -

            We will provide a separate bundle providing an unsecure jms-port-service (with the same name), with higher ranking than the secure one.
            It will be a separeate feature in features.xml and not installed by default.

            Show
            Christoph Gritschenberger added a comment - We will provide a separate bundle providing an unsecure jms-port-service (with the same name), with higher ranking than the secure one. It will be a separeate feature in features.xml and not installed by default.

              People

              • Assignee:
                Christoph Gritschenberger
                Reporter:
                Andreas Pieber
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: