On Jun 4, 2007, at 10:46 PM, Serge Merzliakov wrote:
Hi,
As a newcomer, I don't know much about Hessian (my day job requires WS-Security, SOAP and the orthodox SOA stack...) but I have got the samples working and like the simplicity very much. Are there any plans to encrypt messages or some other message level security (this excludes SSL) ? I know this strays into the WS-Security space (and we don't wan't to reinvent the WS-* wheel) but it would be a compelling argument for serious evaluation in most firms considering SOA.
I'm starting to skim WS-Security and it looks nightmarish. For Hessian, I'm thinking the following envelope syntax might make sense:
envelope ::= 'E' x02 x00 # Envelope for Hessian 2.0 method # envelope type (possibly use string instead of 'm') int # number of headers (string object)* # header values binary # encapsulated body int # number of footers (string object)* # footer values
The envelope could be nestable, i.e. the body could be another envelope or it could be the wrapped call/reply Hessian message.
The method would select a filter/envelope handler, which would be responsible for unwrapping the header.
For security, headers would contain things like encryption keys/algorithms for encryption, auth tokens. Footers would contain things like signatures/digests.
I need to continue looking at WS-Security to see if there's anything that fails to fit this model (I've only started looking), but I'd think this would be general enough.
-- Scott
Regards,Serge Merzliakov This message and any attachment is confidential and may
be privileged or otherwise protected from disclosure. If you
have received it by mistake, please let us know by reply
and then delete it from your system; you should not copy
the message or disclose its contents to anyone.
|
_______________________________________________ hessian-interest mailing list
| 
